Security Lessons from a Division 1 Football Coach

Eliminate distractions.  Create Energy.  Fear Nothing. Attack Everything.

The presenter who spoke before me this week at the Rackspace kickoff was Coach Dan McCarney, a former Division 1 US college football coach, and he talked about the lessons he learned while leading winning teams in the challenging (and always changing) world of college football.  It was a solid presentation, and there was one area that stuck with me as particularly relevant to our challenges in security.

Coach McCarney was talking about how he instilled the right approach in his coaches and players as they look forward to the next opponent, the next game, even the next play.  He told them to focus on four things: Eliminate distractions, create energy, fear nothing, attack everything.  As I stepped up on stage as he finished, I was thinking about how this could apply to our daily security battles.  Here’s my take:

1. Eliminate Distraction

Security is nothing if not noisy, contentious, and occasionally chaotic.  Create your plans, establish your feedback loops, watch for changes, but don’t be distracted by random events or shiny new products.  Stay focused!

2. Create Energy

There is too much defeatism in security, the result of years of investment and effort that never seems to be enough.  Apathy follows.  We know we can be better, and when we map our goals to the goals of the business, positive results and energy follow.  Create the narratives and the objectives that engage and energize your teams and partners.

3. Fear Nothing

Security teams are too often an afterthought, a second-tier player at the strategy table.  We change that when we arrive at discussions armed with recommendations and rationales that speak in the same language as other business priorities: risk management, cost savings, and growth.  Don’t be afraid to learn the business and make your voice heard at the adults’ table.

4. Attack Everything

Ok, so in security there are far more targets than we can productively address, but we should consider security from all perspectives before we make our plans.  Think beyond the usual security controls and implementations to innovative ways that you can apply your own creativity and knowledge of security to create a secure environment that is tailored and meaningful just for you.

It’s an aggressive approach that’s a contrast to our traditional defensive security mindsets, but I think these are ideas that can help us to be more proactive, more dynamic, and better defenders of the companies we’re looking to protect.

About the Author

Jack Danahy

As SVP, Security, Jack Danahy engages with customers and the industry on company product strategy. Danahy is an innovative security technology leader with proven success creating, delivering, and promoting new security technologies and practices to address critical needs. He has founded and co-founded three successful security companies, holding CEO and CTO roles. Most recently, he was CTO at Barkly and previously at Qiave Technologies (acquired by WatchGuard Technologies in 2000) and Ounce Labs (acquired by IBM in 2009). He is a frequent writer and speaker on security and security issues and has received multiple patents in a variety of security technologies. Prior to founding Barkly, Danahy was the Director of Advanced Security for IBM, and led the delivery of security services for IBM in North America.

More Posts by Jack Danahy

*** This is a Security Bloggers Network syndicated blog from Alert Logic - Blogs Feed authored by Jack Danahy. Read the original post at: