Ep11 - Resilience

We have a bone to pick with the current understanding of being Resilient as it applies to enterprise security. “Resiliency” tries to encapsulate how well your organization can defend against unexpected attacks from anywhere at any time. Some want to point you at the latest tech to add to your stack or list to check against. We have found other indicators that have more impact on your organization's resiliency than any of those.

Notes

  • Definition of Resilience 

    • Systems approach 

    • Vision 

    • Taleb “anti-fragile” & resilient 

  • Execution is alignment 

    • People, process, tech 

      • We might do this backwards in Cyber 

      • Will as a turnaround CEO – how I rebuilt systems and bought software 

    • What we see as keys to successful execution 

      • Vision & systems 

      • Incentives 

      • Shared vocabulary 

  • Measuring 

    • This is really hard, and gets harder over time 

    • John Wooden quote – “Don’t mistake activity for achievement.”

      • “To produce results, tasks must be well organized and properly executed; otherwise, it’s no different from children running around the playground—everybody is doing something, but nothing is being done; lots of activity, no achievement.” 

      • Doing work is easy to measure 

    • Resilient systems – measure how they are getting stronger and more capable, in the absence of a failure 

    • Physical training analog – strength and conditioning? 

    • Taleb “anti-fragile” & resilient 

Summary 

  • Take ownership of your resiliency – Extreme Ownership 

  • Alignment is the job – flip the script - people, process, technology in that order 

  • 2nd job is creating and believing the measurements in the absence of the “negative” 
