Whether it’s a go/no go meeting, a change advisory board, a stand up or a monthly budget meeting… security staff are listening for that key morsel of information that calls for interruption. Be it a request for clarification or raising a material risk in a project, security staff have been quietly interrupting for good reason since the dawn of time. It could be the use of customer data in a new way, a new technology being introduced or the engagement of a new vendor….all of which are more than enough reason to raise a question, investigate further or indeed interrupt. The intention is never to disrupt. The intention is to ensure that the business considers the risk that a change could introduce.
At times, interruption causes scrambling to address risks - to fit square security pegs into round project delivery holes. But interruption, if early and often, can be a saving grace when it comes to things like financial and operational impact and business reputation.
For leaders, interruption can be in form of updating the board or audit committee - a small, frequent, face to face reminder about the value security brings to the business. For architects, interruption is often required at project scoping meetings and during procurement of third party connections. And for analysts, interrupting peers or management to say “we found something in the security monitoring you should take a look at” could be the most important interruption of all.
The term interruption may bring negative connotations to mind. The truth is, these so called interruptions from security staff consistently add value, minimise risk, raise awareness, prevent disasters, cause light-bulb moments, the list goes on.
Given the extensive (and expensive) business interruption that can be caused by a breach, isn’t any interruption from your security team a welcome one?