Leverage Cybersecurity Spending

Aug 10, 2022

Executive Summary

A diamond only shines to the extent that it’s in the right setting.

Getting full leverage from your cybersecurity spending works on the same principle. The optimal setting for cyber technology requires adapting processes and fully engaging your people. These are often given short shrift in the implementation plan.

This is the core of cybersecurity maturity, and it is relevant to the evidence that must be collected for CMMC (Cybersecurity Maturity Model Certification).

This is the shortcoming of every silver bullet scenario.

A common failure that prevents full return on investment (ROI) from technology is that the tech isn’t fully embedded in the right setting.

 


What’s the challenge in getting full ROI?

  • 💎 The skill set and tools of the diamond cutters (the folks that build the technology) are very different from
  • ⚔ The skill set and tools of the goldsmith who makes the setting (gold is so soft as to be a fluid when molten; that’s a pretty good analogy for what it takes to work well with process and people change)
  • 👑 The skill set and tools of the jeweler who embeds the gem(s) so they stay long-term and shine brightly (that is, give full ROI) in their setting are different again.

Why is SecuriThink positioned to do better?

We’re jewelers.

We kept noticing the breakdowns in technology projects and looked for the skills and tools needed to fix each gap we encountered.

We studied the crafts of both the gem cutters (technologists) and the goldsmiths (behavioral scientists).

We renamed our company Humanikey Corporation because we saw the skillful involvement of humans as key to the success of many, probably most, technical initiatives.

What does that mean for cybersecurity?

This is the skill set that got us involved in our first cybersecurity assignment over 10 years ago: increase the cybersecurity maturity of an organization.

We started at a rating of 1.6 on a 5-point scale and worked our way up to just over a 4. We stopped there on purpose; diminishing returns.

How can SecuriThink help?

The SecuriThink division of Humanikey evolved along with our track record on cybersecurity projects. We believe Security begins with a mindset, not a department. When this mindset is in place, it’s your Cultural Armour™. We support CxOs, Board Directors and owners who seek surefooted guidance to build Cultural Armour.

Just like diamond cutters, goldsmiths and jewelers, we have specific, concrete tools and skills that can be taught and cross-trained. Or you can hire us to do it for you and make it look easy.

There’s no need to over-engineer the solution. Hyper-practical planning rules. A minimalist setting is often the most beautiful.

Just know you won’t get the same outcome if you skimp; you don’t get a great ring by putting an uncut diamond next to a lump of gold.

What’s actionable?

  • If your organization is already working to improve cybersecurity, then sharing this analogy with stakeholders may help the medicine go down that much easier.
  • If you’re getting pushback on allocating effort and resources to architect the people and process dimensions of your cybersecurity or technology project, sharing this analogy may help facilitate the conversation about getting the most from the investment.
  • If you want more, sign up to be notified of new Field Notes for more insights on how we make the business case for cybersecurity to business decision makers.
  • If you have comments, please join the discussion on the relevant LinkedIn post here:
    https://www.linkedin.com/posts/lindarust_cmmc-cybersecurity-grc-activity-6963165200275435520-f_aH