Eliminating the Inefficiency of Work-in-Progress in Cybersecurity

Some time ago I read “The Goal: A Process of Ongoing Improvement” by Eliyahu M. Goldratt. My big takeaway: Work-in-Progress or WIP items slow production. As the theory goes, you can be swimming in “efficiencies”, but if you’re stumbling over excess work-in-progress inventory or you’ve ignored a bottleneck, you’re nowhere near your potential.

This is clear enough in manufacturing. But these concepts can be applied elsewhere.


Demands on IT departments are growing exponentially. As technological advances accelerate, IT professionals are required to keep up, not in one area but in several areas at once. IT pros are pursuing cutting-edge analytics and at the same time pushing traditional on-prem infrastructure to the cloud, while also balancing an undercurrent of spurious applications and solutions. And they are not just balancing: they are expected to bring “subject matter expert” level knowledge and expertise to each new IT initiative.

This drives inefficiencies into IT. I’ll focus on cybersecurity within IT since I’m a cybersecurity analyst.

In order to win, security teams need a system for how they arrive at priorities. Priorities reduce work-in-progress items; they also minimize bottlenecks. IT departments tend to develop rockstars who don’t do all the work, but significant amounts of work pass through them. When many projects are going on at once, rockstars become “constraints”. (See “The Phoenix Project” by Gene Kim and Kevin Behr.) The other constraint is tools-in-progress. The tendency is to push for breadth over depth: more tools, less expertise in each tool.

When tools are viewed as 80-90% of the solution, the requirement of analysts’ time is easily overlooked. When it comes to cybersecurity, organizations can easily end up with a myriad of tools. Each of these tools becomes a work-in-progress or tool-in-progress item. Tools can add value, but if there are too many, they can actually lower the aggregate value of a team. The way to overcome this is through a highly effective system of prioritization. Knowing what to prioritize takes time. But for each tool, if there is a sharp focus, the chances of creating value go up considerably.

Challenge teams to not let the perfect be the enemy of the good. Dare to set some things aside in order to arrive at critical priorities. Zero in on these priorities. They may change over time. This isn’t an issue. But if they’re changing too frequently, you’ll get stuck with a stifling inventory of work-in-progress items. Make a best-effort attempt to document this and quantify it so it doesn’t keep happening.

With a clean set of priorities and a careful reduction of WIP items, all things are possible!