A Barista, A Shot, and Better Security

Abstract

When reviewing security failure’s root cause, frequently a contributing factor was the organization’s inability to move at the speed of the wild. Looking to the future, the wrong security methods will increasingly struggle as attackers learn more lessons in deception from the history of armed conflict, sports or the natural wild. To meet the threat; methods must be able to move at the speed of the wild.Designed to move at the speed of the wild is the 5+2 Step Cycle for managing risk. The 5+2 Step Cycle achieves this because it was designed to be simple, save time and money, and enable both technical and cultural change at the same time.In addition to the 5+2 Step Cycle, security professionals can improve their success with two other actions. First, stop “crawl” level practices that only work well at slow speeds or hide change. These can’t keep up with the dynamic business and technology environment, and black hat capabilities. Second, recognize the danger of and proactively prevent bias – especially when time-sensitivity creates a pressure-cooker for change, complexity and fatigue.In security, too many of today’s typical security approaches collapse in the face of technology moving at an exponential pace and black hats using more sophisticated tactics from history. What’s needed are methods designed to move at the speed of the wild. This is easier than you might think because benefits of making the shift start with fewer ugly surprises, more actionable insight, and saving time and cost.