It's another year and another great opportunity to get security right in your organization. As you return to work with a cleared mind and good intentions, building (or maintaining) an effective information security program in the New Year is not unlike my favorite passion: car racing. You not only need to get off to a good start but you also need to keep up your momentum...lap after lap on the track, week after week at the office. The only difference is car races must come to an end. Information security programs must withstand the test of time. The question is: what are you going to do this year to make things better?
On New Year's Day, I received an email newsletter from Ross Bentley, a very accomplished racecar driver and probably the world's most well-known racing coach and instructor. In this email, Ross talked about the difference between the best drivers and the rest, and I think it ties in nicely with my long-time talking points about information security. Here are some of Ross's words:
There are 3 things (not surprisingly) that make the difference:
1. They focus on the basics. The advanced stuff is just doing the basics better.
2. They're committed to learning. They make learning an objective. They know that the more they know, the better they will get.
3. They prepare.
As I reflect on what it's going to take in 2017 for me to become a better information security professional and racecar driver along with how I can advise my clients on how to improve their information security programs, I couldn't have said it any better or any differently than what Ross said. Over the past 11 years, Ross has (unknowingly) taught me just about everything I know about racing cars. Take his advice, combine it with what I've been saying about information security basics, and add in some discipline and persistence day after day and you'll no doubt improve your information security program this year.
For further reading, here are two pieces that I wrote on setting - and achieving - goals that you might enjoy:
8 steps for accomplishing your IT career goals
Setting and Achieving Realistic Information Security Program Goals for 2016