Tool should not be the first thing to consider.

“A fool with a tool is still a fool”?

?In information security, organizations are inclined to acquire tools without understanding the rationale or the function of each tool. In other words, when we adopt a particular tool without understanding the problem we're trying to solve, we fail to comprehend the intended purpose and pain points.?

In a situation, when you as a technology professional are more tool centric and you may have more experience with one tool as compared to others, it is so critical to understand that new tool, a piece of software or a technology is solving what sort of problem and area and how it is going to make your life better.

When an organization becomes more motivated to implement any state-of-the-art tool and technology without identifying problems, requirements and business impact, it disturbs enterprise architecture values and creates misalignment between the needs of a business and Information Technology.?

Understanding the people, processes, and technology layers is essential for IT security professionals. A professional's responsibility is to analyze the problem thoroughly, map it to the current process, identify the gaps, and identify the potential business impacts in detail with a recommendation and mitigation strategy. As a part of mitigating strategy understand the needs of acquiring and implementing an appropriate tool or technology.

?Think more, rather than following a crowd.!

?The Crux Of The Matter?

Be Responsive than Reactive!

?Many organizations try to buy the most sophisticated product of it’s type in a flash: for example, Asset Management tool is acquired but the formal process and understanding of current state flow is missing. Rather than starting from business needs and understanding of a problem, the team acquired a tool that might not be appropriate for business and IT needs. This resulted in more technical debt. As a result, the tool will sit and collect dust for the next six months by being unused.??

?So, what can be done??

?Identify the exact problems to be addressed before approaching the pre-sales team of a service provider or vendor for a product demonstration. Then you must engage all stakeholders (internally and externally) and receive their feedback and map it to the problem sphere. Engage the Business Analyst at this point, if needed, and have in-depth conversations with all stakeholders about the requirements and set expectations, if any.?

?Understand The Present Day?

?What do you want? Why do you want??

?I cannot overemphasize enough how pertinent these questions are. Asking these questions of your stakeholders will help them become more aware of challenges, opportunities, and problems. Taking this route will help you to enhance the value of your IT-enabled investments. It will set up the variables so that problem solving will follow quickly, and tools, systems, pieces of software, or technology will follow.?

By not focusing on the what and the why before deploying yet another tool or service that will ultimately cause more problems.?

?Understand The Problem.?

?Oh! You don’t understand the problem, eh? You can’t solve it.?

?So, it is not about tools and technology. It is all about risk-based approach and problem-solving attitude. Any tool should help you to solve the problem and achieve the ultimate objective, but only once you understand the problem in its true sense.