by Chris Veltsos 
May 19, 2021 

Photo credit: Geneva Flower Clock (Geneva, Switzerland) by Phil Veltsos

Centuries before dreaming of endless cycles of technology and business disruptions, humans dreamed of beautiful and plentiful gardens. Fast forward to 2021 and in addition to flower gardens and vegetable gardens, humans have built and grown technology gardens. Those gardens support the daily needs of organizations large and small, and enable them to compete and thrive in a global marketplace. Yet, much like regular gardens, our technology gardens suffer when we fail to properly plan, care for, and improve them.

This article encourages you to tap into and leverage those centuries of conditioning by similarly dreaming of and tending to your organization’s technology gardens. How appropriate since it’s springtime in Minnesota!

 

What Are Your Garden Dreams Made of?

Before humans could collect and enjoy the bounty of a summer’s harvest, they first dreamed of what that harvest would provide. What are you looking forward to enjoying? Fruits, vegetables, herbs? A mix of them all?

Tech Garden View – Dreams & Needs

When it comes to dreaming about our technology gardens, there are two key questions we should be asking ourselves well before planting season begins.

  1. What kind of garden will you need? — Your technology stack will need to support your organization’s needs for a number of years. This means building in enough capacity and enough flexibility to stretch that technology stack. Moving infrastructure to the cloud has allowed organizations to benefit from nearly infinite elastic capacity, yet budgets are finite, and so are the resources needed to properly provision and monitor the technology stack.
  2. What kind of garden would you like to have? — There’s a difference between the must-haves and the nice-to-haves. The previous point had you dream about your organization’s must-haves, yet you should continue to dream about what else could/should be in your technology garden, even if this year is not the year to make it happen. That should be part of your garden plan, which we’ll call your technology garden roadmap.

 

Plan Before You Plant

Speaking of roadmaps, you did have a plan for that garden, right? Or did you plant the tomatoes near the edge — where the deer can snack on them — and the zucchini smack in the middle, where it took over everything else and stayed hidden until it had grown well past its prime? What about the amount of sunlight and whether the plants have enough space? Do you have the support cages for the tomatoes? A plan, even a mediocre one, will go a long way towards having a more enjoyable and productive garden experience.

Tech Garden View – Planning Your Tech Stack

What was on your technology plan? Were you able to implement your entire technology stack? How has your technology supply chain been affected by recent disruptions? How was the plan modified to take that into account? How was the rollout experience? Were things timed correctly, according to the plan? Has the plan been updated to reflect the reality on the ground — and in the cloud?

 

Caring for Your Garden

If you’re like me, your dreams and plans for a plentiful vegetable garden quickly meet with the harsh reality of caring for and monitoring that garden. Have the plants received the right amount of water, especially if it rained recently or if it’s about to? Do some plants need fertilizer to boost growth? Do some plants need pruning, to encourage just the right amount and right kind of growth? And of course, are we regularly going through and pulling out weeds?

Tech Garden View – Caring & Monitoring

Much like gardens, technology stacks need to be cared for and monitored regularly. And that’s a perfect spot to engage with your cybersecurity function. Weeds? Birds? Your cybersecurity team will be the first to spot them and deploy the appropriate incident response (IR) measures. And how will you know if those IR measures were appropriate? Because you’ll be documenting the time to detect, the time to remediate, and the IR process itself, and conducting a lessons-learned review afterwards.

A thriving technology garden requires good governance: not only from a pure technology governance perspective, but also across all of the interrelated aspects that stem from good cybersecurity strategies (and practices) and good risk management (preferably using an enterprise or integrated view). A poorly chosen or poorly implemented technology stack is a risk that can derail today’s globally competitive organizations.

 

Reflect & Refine After the Harvest

Just when we Minnesotans think we can no longer stand another mosquito or another hundred-degree day, the summer growing season will come to an end. Right after the harvest is the perfect time for us to reflect on and refine our garden plans and just how well things worked out (or didn’t). Time to reflect on whether our dreams were too ambitious for the space we had, the area we chose (including the soil quality we inherited), and our choice of plants/seeds. How well did we do with the spacing of the plants and the timing of what we planted? And ultimately, did we enjoy the fruits — or vegetables — of our labor?

Tech Garden View – Don’t Forget the Debrief

All technology must serve a business purpose, especially investments in your cybersecurity tech stack. As you get ready to deprovision or simply to transition from one technology stack to another, take the time to draw out the lessons learned. How well did your technology choices and implementations meet your business objectives? What could have been done better? Was there a way to realize that value sooner? How can those lessons be integrated into your next technology deployment cycle?

Wishing you a great growing season and a bountiful harvest, whichever garden you’re tending to.


Chris Veltsos is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches cybersecurity courses and oversees a graduate program focused on cyber risk.

Beyond the classroom, Chris shares his advice with community groups, business leaders, as well as IT and security professionals. He is passionate about helping organizations take stock of their digital risks and manage those risks across the intricate landscape of technology, business, and people.

Chris has co-authored three books and authored over 100 blog articles published in various outlets including IBM’s Security Intelligence blog and the Harvard Law School Forum on Corporate Governance. His work has been mentioned by the National CIO Review, the Council of Institutional Investors, the D&O Diary, and the National Association of Corporate Directors (NACD).

Connect with him on LinkedIn at: https://www.linkedin.com/in/chrisveltsos/