Fresh Thoughts #126: It's a Journey
- Newsletter
"Have you ever gone back and read a university or high school essay?
One that you were really proud of...
Terrible, isn't it.
Perhaps it's not about the essay.
It's not about the result.
It's about the work you must do to write the essay.
The benefit is the process."
- Rory Sutherland, Nudgestock 24
Rory Sutherland posed this hypothesis last week at Ogilvy's annual behaviour change conference.
He argues that the outcome is often less valuable than the process of getting to the result.
In his view, this makes the idea of AI in advertising nonsense.
You may have an adequate or possibly good result...
But have you spent the time to think about your business...
What you stand for...
Why do you do what you do?
These questions are asked as part of the traditional advertising process but are missed with an AI-based straight-to-publication approach.
The parallels to cybersecurity struck me immediately.
A little over two years ago, I argued that my son's swimming certification was not the goal but rather a milestone on an ongoing journey.
More recently, I've found that the conversations between the participants are the most valuable part of reviewing security audits and conducting Conditional Access Policy workshops.
I know the process is working when I hear conversations like:
"We already do that.
Do we? Let's check...
...
We'll get it enforced by the end of the day."
The journey of changing and improving security procedures benefits the IT team and the broader business by creating a dialogue for checking and questioning existing practices.
Different areas within a business have competing priorities, and each group needs an answer to the fundamental question of "Why should we do it that way?"
It is typical for the IT team to be unaware that a process they are happy with exasperates their colleagues in another part of the business.
Important group meetings to agree on new procedures should offer a way to circumvent this tension. But too often, I hear of meetings missed by key groups because they could not fit them into their busy schedules.
Final Thoughts
You will likely have heard the phrase, "Cybersecurity is a journey".
Which is so overused that it has become a trope.
But, ultimately, it is correct.
The value of cybersecurity is the process of asking fundamental questions about how you want to operate as a business.
The benefit is the process.
And... it is a journey.
July 9, 20242 Minutes Read
