Menu
Categories

Golf as a Metaphor for Security Programs

Published September 1, 2014 | By Dan Blum
Golf and security programs. They have one thing in common – very hard to get right!

We’ve written here about building security programs for our organizations based on a systematic comprehensive approach. But that notion has a lot of moving parts. Sometimes IT groups tackling security issues need a few simpler instructions to get started.

So I’ve been thinking some simple instructions for perfecting one’s golf swing as a metaphor for life already, and it occurred to me that what I’m going to discuss might work for security programs too. Full disclosure – thank goodness I’m a better security architect then I am a golfer.

In fact, I never meant to even play golf until we moved to our home near a public golf course years ago. My son Jack was nine years old at the time and we were playing on the soccer field across the street from the course; he saw it and declared: “I want to play golf!” Eventually, I taught him, learning myself in the process. Fast-forward to today and he’s in his 20s. We go out on the course after many years of not playing together and behold! I’ve forgotten some things, but his game has improved. Now he’s coaching me.

Dad: make sure your feet are lined up straight. Visualize your shot. Model the shot, keeping your arm very straight. Take your shot but keep your eye on the ball.”

Jack’s advice cut to the heart of some problems he’d observed with my swing. I carefully wrote his advice down after finding it so helpful. I also thought this advice was nice and succinct. Just a few simple instructions. Think about how they might cover other things in life and business:

  • Set your stance: Define your principles, know your capabilities, understand your business.
  • Visualize: Define your goals, what does success look like?
  • Model your shot: Describe the form of achieving your goals, the architecture, the plan.
  • Keep your eye on the ball: Continually measure and assess your progress, remember what you are, where you’re going and what you need to be doing in the flow.

Security teams can use this advice too.

  • Set your stance: What business are you in and how does security support the business? Who’s in charge of your security function and how is it coordinated with IT and business management? What resources do you have to work with right now?
  • Visualize: Define the guiding principles for the security program, the high level security policies and security road map?
  • Model your shot: Describe the form of achieving your goals, security policies and guidelines, architectures, and detailed plans.
  • Keep your eye on the ball: As you develop, implement and iterative refine the policies, architectures and road map continually measure and assess your progress.
Posted in Dan Blum | Tagged , , ,
Subscribe to Blog Notifications...  HERE
Recent Posts
Search
Categories
Archives
Tags
Active Directory anti-malware APT audit authentication authorization blockchain breach CISO cloud computing cloud security compliance cryptography cyber-insurance cybercrime cybersecurity DLP encryption endpoint security FAIR federated identity governance IAM identity management incident response IoT malware mobile security NIST CSF OAuth PAM personal protection privacy privacy by design privileged access management privileged account management privileged identity management rational cybersecurity risk management RSAC security architecture security governance sharing social login vulnerability management