Drive it like you stole it.
IT budget is harder to come by than a talking unicorn. Seems like we’re doing it wrong.
For clarity, we work in an industry that fights threats 24x7x365 against bad actors that are better funded with a focus on massive disruption, theft, or the mere thrill of exploiting your weaknesses.
Yet – we can’t get any money.
Even with some compounding factors from Gartner:
- Average tenure for an IT executive is <5 years
- 4M open positions
- The highest turnover the industry has ever seen
One would think we’d be first in line for budget? (Remember the talking unicorn.)
But unfortunately, when we do get some magical year-end table scraps we don’t spend it wisely.
With such an educated crowd, why do we keep missing the mark? One woman’s opinion, 2 key reasons: we don’t have a plan and we don’t have a message.
Plan Shmlan:
Planning is not for the birds and no you shouldn’t build the airplane while flying it. Plan the work, work the plan. With no plan, what are you focusing on? How are you depicting ROI to leadership? Is there any mechanism to display success? The optics appear to be budget burned for triage, not long term investments into efficiency or increased protection.
With any remaining budget or your new year’s budget, invest in external assistance with creating a programmatic strategy for your security and identity initiatives. This includes both process improvements and technology investments.
No funding for external support? Schedule time with your team to create the plan together. Ensure an internal facilitator (outside of your team) can keep the discussion moving and obtain feedback from all critical stakeholders to identify your goals, areas of improvement, and obstacles to success.
Tactical plans to cover a year’s worth of activities plus a long term 3-5 year strategy for continuous improvement will keep you focused on consistent incremental improvement. A cyclical review of the plan ensures you’re adapting to growth, operational objectives, industry or economic changes and greatly assists in your long term success. By creating a roadmap to visualize and publicize across the entire organization, you can ensure everyone is aligned to your objectives.
Messaging Means Movement:
Speaking of publicizing a message, as an industry, we are notoriously bad at marketing. With no plan, no message, and no spokesperson to articulate why our needs are critical, how can we expect to find our talking unicorn?
If we build on the first step of creating a plan, we are armed with the strategy for what we need funding for. We have a detailed list of programmatic security and identity related initiatives that result in success categorized by risk or impact of a lack of action.
Defining “success” means tying our IT objectives to operational objectives or business goals. IT success should be aligned with business success. How are we protecting or facilitating the generation of revenue? Are we increasing operational efficiency? How are we facilitating growth?
Building a message that clearly defines the business impact of our objectives results in universal success and support.
As we slam into December, if money falls in your lap, think about how you can unify your organization. Security demands are evergreen but so is generating revenue. A sound security and identity strategy that also protects and facilitates business objectives? Now that’s worth a whole stable of talking unicorns.