Why you need a tactical pause to build a successful security program

Leaders with successful programs make time to press pause long enough to ensure efforts are aligned with priorities. Make changes now to end the year strong.

Another summer is in the books. Children are back in school, patiently counting down the days until the first long weekend. Vacation plans for the coming holidays are forming.

Back at work, the pace picks up. Most focus on either keeping projects going or trying to restart some momentum on the efforts stalled by the lull of summer vacations, competing interests, and well, the way things happen.

For many, key security efforts are stuck or stalled.

Successful leaders know that sometimes the way to maintain or regain momentum is to take a tactical pause. It's time to take a step back, survey the situation, and make sure available budget and resources are both aligned with the needs of the business and focused on producing the most value.

Consider if a tactical pause is necessary by asking and answering three often-overlooked, important questions:

  • Can you quickly list the top 3 priorities for the security team? Not 5, 10, or more. The top 3. 
  • How are those priorities aligned to the business?
  • If established at the beginning of the year (or earlier, based on budgeting), are the priorities still the best place to focus between now and the end of the year?

What made sense at the beginning of the year may no longer be the right direction. 

Over the course of the year, the situation changes. Value migrates. Threats change. New opportunities emerge. In most cases, the budget for security remains constant, even as demand increases.

While essential, the process need not take a lot of time (half a day or longer). Ask a few questions, gather the answers, then review, discuss, and emerge with a clear direction.

Here are some questions to start the process:

  • What were the top 3-5 priorities (no more than 5) at the beginning of the year? Why? Specifically, how were they expected to support the business (or organization)? Are they meeting expectations?
  • Since the beginning of the year, what has changed -- for the business, for the team? Any new threats that demand attention?
  • How are those changes impacting the team?
  • What resources are available (budget, people, access to additional help)?
  • What are the 3 steps to take between now and the end of the year? How do they end the year strong? Do they set the stage for a successful 2014?

The purpose of the tactical pause is to take enough time to place focus on the 3 areas that deliver the highest overall value. Otherwise the team ends up unfocused, trying to do everything, and producing mediocre results.

Executed well, it presents an opportunity to reconnect with the business, demonstrate value, and gain confidence in the direction of the team. It regains momentum for necessary efforts and aligns forces for new ones.

Once the general approach is confirmed or reworked, it is important to take a few more steps:

* Document the expected results - explain why these are the right actions and what should happen as a result. What does success look like?

* Build a plan to measure what matters (check out the series started here, and stay tuned for more)

* Communicate any changes to the team and stakeholders - with messages matched to each audience.

An unexpected upside to taking the time now is the possibility to capture some unused end-of-year funds (with a properly constructed argument, of course) or make a stronger case for the right budget for next year.

The right steps now finish the year strong and set the stage for a successful 2014.

What are your 3 priorities to end the year strong? Share them in the comments and we can work together for a successful conclusion to 2013. 

Copyright © 2013 IDG Communications, Inc.
