Tips on how to prioritize your network security initiatives

All things considered, all we really have is our time. As IT and information security professionals, time is our most precious and scarcest resource. So, why is it that so much time is squandered in our profession? Time in meetings, phone calls, you name it – we’re constantly spending time figuring out how we’re going to spend our time. Why “do” when you can just “meet”? If you put things off long enough, those pesky preoccupations might just go away. Then you can start thinking about what you may or may not do next. You can talk about getting things done or, if you want to see results, you can just do them.

As an information security consultant, I truly believe that decision-making, time management, and goal management are the seeds of greatness in IT and security, yet they’re very hard to come by. We have no shortage of smart people who can perform untold technical security tasks. Yet, these people could be in the middle of the most important projects they’ve ever worked on and all it takes is one phone call or one email to send them running off in a completely different direction. I don’t know whether it’s a lack of focus, discipline, or management oversight but there are a lot of super sharp professionals in our field running at minimum efficiency. This has to change – at least if you want to get things done and not have even more security challenges pile up.

Without getting off too far into the details of time management, goal setting, and productivity, there are three questions you can ask yourself to determine where you need to focus your energy:

• Does it have to be done now? If you don’t do it now, will there be consequences?
• Can it be done later? If you don’t do it now, will there be consequences?
• Can you put it off indefinitely? If you do so, will there be any consequences?

By applying these three simple questions to your list of network security initiatives, you can gain a tremendous amount of clarity on what you need to be working on. Be it firewall upgrades, penetration tests/vulnerability assessments, or implementation of the latest and greatest security technology, the more time you spend planning and prioritizing what you need to focus your efforts on, the better. As German writer, Johann Wolfgang von Goethe, once said: The things that matter most must never be at the mercy of the things that matter least. Not taking this concept seriously is precisely what gets many people (and businesses) into trouble. It can also be found at the root of many – arguably all – data breaches.

Most people know what needs to be done. Odds are good that they also know how to do it. What’s often lacking is discipline. The discipline to get started and the discipline to see things through. A lot of people get trapped in their own thinking and don’t know where to begin. Surely you have several network security initiatives on your plate right now. See what you can accomplish with those initiatives in the next 24 hours. Write them all out. Prioritize them. Determine additional information that’s needed. Ask the questions above and then get to work. You don’t need to set up a meeting in order to get started. As the famous Nike slogan says: Just do it.