This is not a book review.
This is a fork in the road for every IT security professional – and the clock is ticking:
We can make excuses; or we can make changes.
Security is hard – increasingly so. At times it feels as if we’re pre-ordained to failure. In our bones we know it doesn’t have to be this way. Yet year after year, we remain marginalized and at odds with the business. Thus far, we’ve struggled to find anything resembling a game changer.
Here is your game changer:
While we hate to admit it, we know our security “Best practices” aren’t – that “Good enough” isn’t. Our dependence on IT is growing faster than our ability to secure it. Moreover, the consequences of our failures have grown more severe.
There has to be a better way. For those of you who know me, I am convinced our current approaches cannot scale and have dedicated myself to helping get the security community un-stuck – to reframe the issues – to experiment – to find a better way.
In 2007, a mentor told me if I truly want to transform the way security is done, I must read “The Goal”. What the HECK could a novel about the failing US manufacturing industry have to do with security?! But Eli Goldratt’s Theory of Constraints and continuous process improvement fundamentally transformed and rescued manufacturing as we know it.
As “The Goal’s” spiritual successor for IT, Gene’s “Phoenix Project” outlines our fundamental transformation. This sorely needed narrative meets us in our compliance-distracted, security-debt-saddled despair but credibly paints our journey of redemption through the “3 ways” – grounded in fact and real-world successes.
While we focus upon (and wallow in) failure, Gene has been seeking and studying achievement. While we remain isolated within the security echo chamber, Gene has studied high performers outside of it. Gene’s seminal research in Visible Ops on high performers in IT was just the beginning. For the last few years, Gene has been a force of nature within the DevOps revolution. It has been my honor and privilege to collaborate with him.
Gene Kim is our quintessential boundary spanner. His novel puts our security struggle into the broader context of the conflict between IT and the Business. It is cathartic and uncomfortable, but also instructive and inspiring. IT is undergoing a transformation with DevOps, where Development and Operations have figured out how to work together in ways that not only eliminate conflict, but allow organizations to drive value and do things they didn’t think possible. It is their philosophy and attitude that are most essential and can serve as a blueprint for any of us – in any type or size of organization.
This IT revolution is the moment security has been waiting for, the likes of which we may not see again for 30 years. We have a singular opportunity to change with it. What’s more, the DevOps pioneers are embracing Rugged DevOps with open arms. Are we ready to evolve and be embraced? If not now, when? If not us, who? This revolution has started without us, but it is not too late. We can break out of this death spiral.
To this end, Gene has made the first half of the book free for security professionals to read and share.
Download link HERE.
Read this book, now. Give it to your boss, your CIO, your CEO, and your peers.
Don’t be surprised if you can’t put it down. You will not look at your role the same way again.
There is a better way. Join the tribe.
*** This is a Security Bloggers Network syndicated blog from Cognitive Dissidents authored by joshcorman. Read the original post at: https://blog.cognitivedissidents.com/2013/01/23/the-phoenix-project-our-singular-opportunity-for-transcending-failure/