Living La Vida Loca

A comprehensive strategy can make your busy work life easier

When it came time to write that check, he asked for the full amount and did not deduct the $200 we agreed was the sales price of the snow blower. He explained we still had a deal on the snow blower, but he needed the money to pay off his subcontractors. When I asked when he wanted to purchase the snow blower, he replied that perhaps next week would work out, or maybe when the final payment was due. He wasn't really sure. He left and raced to the bank and cashed the check while the ink was still wet.

We still are not done with the project. Fred has scheduled his arrival and followed up with an excuse more frequently than he has been on time. Even when he is on the job, he has to run to the hardware store at least twice a day for everything from drill bits to paint. Instead of making a list and going once, he waits for the project to stumble to a halt, then jumps in his truck and disappears for two hours, ostensibly to get needed items from the store. His subcontractors use that time for smoke breaks, trips to fast food joints, and cell phone calls.

Some people would call Fred lazy, but I would disagree. I personally believe he is a very, very busy man. I cannot imagine the amount of effort it takes to come up with all the excuses and deal with all the conflicting priorities he creates for himself. His hectic schedule is mostly a self-inflicted wound.

As a security professional, I often listen to my colleagues complain about their busy schedules: meetings, reports, travel, personal life, and ultimately, security crises. When you have security responsibilities, crises are always a looming schedule killer. The issue is not if there will be a crisis, but when.

How you prepare yourself for these career-specific challenges can make the difference between a well-orchestrated response and unbridled panic. You already know about the importance of well-documented and tested disaster recovery plans, but that is not really the angle I want to explore. If you do not want to live la vida loca at work, you also need to plan for the more mundane, day-to-day crisis management challenges.

The most important element to make you work life easier is a carefully planned, written and promulgated comprehensive security strategy. This makes achieving and maintaining management support much less burdensome. Instead of being called on the carpet to justify your actions and reactions on a recurring basis, your strategy allows you to point out how your activities implement their previously approved plan. Problem solved.

Another key aspect of making your work life easier is making sure you are able to keep your protection commitments. As experts, we are aware all risks cannot be eliminated, so prioritizing your projects is not only a good idea, it is vital. Ensure you have the necessary leadership support and fiscal resources before tackling that large identification card program or that intrusion detection system install. If you have to make excuses for a delayed roll-out or faulty installation, few will remember the budget cuts, staff changes, or the departing vice president who approved the initial project. Spending extra time on the front end of the effort can often save you many hours of overtime and crisis management later on.

Some people seem to enjoy being in the center of their own personal maelstrom. They create problems and then fly off, expending innumerable hours trying to extinguish the brush fires that constantly seek to engulf them. However, the security business almost always provides enough excitement to keep even the most thrill-seeking among us sated. If you fail to plan, you can plan to have a wild ride.

John McCumber is a security and risk professional. He is the author of Assessing and Managing Security Risk in IT Systems: A Structured Methodology from Auerbach Publications. Mr. McCumber can be reached at