Golf as a Metaphor for Security Programs
We’ve written here about building security programs for our organizations based on a systematic comprehensive approach. But that notion has a lot of moving parts. Sometimes IT groups tackling security issues need a few simpler instructions to get started.
So I’ve been thinking some simple instructions for perfecting one’s golf swing as a metaphor for life already, and it occurred to me that what I’m going to discuss might work for security programs too. Full disclosure – thank goodness I’m a better security architect then I am a golfer.
In fact, I never meant to even play golf until we moved to our home near a public golf course years ago. My son Jack was nine years old at the time and we were playing on the soccer field across the street from the course; he saw it and declared: “I want to play golf!” Eventually, I taught him, learning myself in the process. Fast-forward to today and he’s in his 20s. We go out on the course after many years of not playing together and behold! I’ve forgotten some things, but his game has improved. Now he’s coaching me.
“Dad: make sure your feet are lined up straight. Visualize your shot. Model the shot, keeping your arm very straight. Take your shot but keep your eye on the ball.”
Jack’s advice cut to the heart of some problems he’d observed with my swing. I carefully wrote his advice down after finding it so helpful. I also thought this advice was nice and succinct. Just a few simple instructions. Think about how they might cover other things in life and business:
- Set your stance: Define your principles, know your capabilities, understand your business.
- Visualize: Define your goals, what does success look like?
- Model your shot: Describe the form of achieving your goals, the architecture, the plan.
- Keep your eye on the ball: Continually measure and assess your progress, remember what you are, where you’re going and what you need to be doing in the flow.
Security teams can use this advice too.
- Set your stance: What business are you in and how does security support the business? Who’s in charge of your security function and how is it coordinated with IT and business management? What resources do you have to work with right now?
- Visualize: Define the guiding principles for the security program, the high level security policies and security road map?
- Model your shot: Describe the form of achieving your goals, security policies and guidelines, architectures, and detailed plans.
- Keep your eye on the ball: As you develop, implement and iterative refine the policies, architectures and road map continually measure and assess your progress.