Speed-to-cyber-value and the Principle of Least Complexity

Speed-to-cyber-value and the Principle of Least Complexity

Do you want to accelerate the speed of your cybersecurity program -- or anything else at the office? I have two great suggestions for you, that really work, BUT are extremely hard to implement.

Ready? Here they are: the first one is to simplify. The second one is to adopt Jeff Bezos' "70% Rule".

(Obviously, there are many more ways to increase speed, but for a LinkedIn post, let's start with these two).

"Simplify" is a general objective and will require some explanation, but I don't want to copy-and-paste a book here. To keep it simple, what I am suggesting is to simplify the constraints that are in the way of your team(s). The starting point of that process would be recognition that for years we have been adding layers of complexity at work for a variety of reasons, both valid and not, and this complexity is slowing us down. You may be asking yourself, what I am talking about? What am I suggesting we simplify at work? In short, everything that is getting in the way. Simplify your strategy, your tech stack, your process, your supply chain. Simplify your corporate identity, your operations, and your toolkits. Author and consultant Richard Koch wrote a book focused on simplifying your price, and your product offering. Please remember that "Simplicity is the ultimate sophistication". That is why it is so hard to implement. That's why complexity eventually takes over.

In information security we have the principle of "least privilege". The principle is a directive that states that users and machines will have access to only those resources absolutely required to perform their business functions, and nothing else. What I am suggesting is that we implement a principle of "LEAST COMPLEXITY": our work should have the least amount of complexity so we can deliver value to our customers and stakeholders.

My next observation is that complexity exists in two subjective categories: necessary vs. unnecessary. The power behind the principle is that we would use it as our compass to navigate both categories, and get rid of all the unnecessary complexity that is slowing us down.

My second recommendation is to adopt Jeff Bezos' 70% Rule. To keep it short, let me quote the man himself: "Most decisions should probably be made with somewhere around 70 percent of the information you wish you had…if you wait for 90 percent, in most cases, you’re probably being slow." – Jeff Bezos.

There is a longer, better explanation in this LinkedIn article: https://www.dhirubhai.net/pulse/making-better-business-decisions-jeff-bezos-70-rule-zegarelli/

Note: Last weekend I posted about a great book, Move Fast and Fix Things, by Frances Frei and Anne Morriss, and they also mentioned the Bezos' 70% Rule in there. It's clear that if you want to move fast, you need to develop a method to make decisions faster.

Perhaps you are thinking "easier said than done". Speeding up is not easy, but it could be your competitive advantage.

Happy simplifying in 2024!!


#accelerate_excellence #productivity

#leadership #devops #Innovation #FutureThink


Marco Lattavo

Cyber Guardian: Shielding The Digital Realm @ Definity | Making the Complex Simple

8 个月

Couldn't agree more. Complexity is to Security what Kryptonite is to Superman.

Curtis Collicutt

Facilitating Security Outcomes | Security Solutions Engineer @Sysdig

8 个月

Love the idea of "least complexity." I flip-flop from one side, where we make things simple to the other side, where we can't destroy complexity, only abstract it away, it's still there. It seems as engineers we will continue to add more and more complexity though, some kind of unavoidable basic of human psychology.

要查看或添加评论,请登录

社区洞察

其他会员也浏览了