Alik Levin's

Clarity, Technology, and Solving Problems | PracticeThis.com

Threat Model Your Strategic Planning

Threat Model Your Strategic Planning

  • Comments 1

 

I am not marketing guy, nor strategic one – I really do not know why I started to read this post - Why strategic planning fails - may be because my RSS reading technique (How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information) helps me scanning more stuff than I need. It refers the article that describes the reasons for failure. I decided to experiment how my own techniques could mitigate the failure. Here is what I’ve got:

“Reason # 1 – unanticipated market changes”.

I think the main message there is “remember that it is NOT the change in the external environment that erodes business performance – it is the failure to recognize and react to the unanticipated market change”. That is why I love to not be locked and being able to change quickly - AOP, Pipelines, Interceptors, and HttpModlues.

Reason # 2 – effective competitor responses to strategy.

Main message is “what is often poorly thought through is how competitors will respond(!)”. I think my response would be conducting Threat Modeling.

Reason # 3 – insufficient resources.

I think the main message there is “Organizations often fail to provide sufficient resources for BOTH the planning and the implementation phases.. I think Recurring Security Engineering Anti-Patterns I Witness talks just about it.

Reason # 4 – failures of buy in, understanding and/or communication.

Punch line is “A ‘consultant sitting in a corner’ should not do strategic planning, nor should it solely be the preserve of ‘senior management’”. My relative post is Security Language That Every One Understands. The link is indirect one but there is some sort of connection. How one can buy in without proper communication and understanding?

Reason # 5 – timeliness and distinctiveness.

Main message isunderstand your organisation’s genuine strengths”. This one might seem very high level but to me it seems very clear - Security Engineering Big Rocks. The post discusses High ROI Security Activities as an opposite to Security Approaches That Don't Work

Reason # 6 – lack of focus.

This one is straight forward - My life Definitely Changed - Focus Is The Key

May be after 3 years of consultancy for security engineering it is time to move to marketing? Any way they are pretty the same areas which I would summarize as Model, Optimize, and Communicate – MOC.

Ahh... this TLA already taken.