The 5 W’s for DIYing your cybersecurity decision-making!

I consider myself a “do it yourselfer”, or a DIYer. Not a particularly good one, but I have access to YouTube, knowledgeable friends who are a great sounding board, and a willingness to learn new things. Because of the projects I choose to DIY, if I screw something up, there is a limited downside. That’s not always the case in a business context – our decisions have a real impact on the bottom line, our employees, customers, and their data! 

One of the projects I decided to try and DIY was replacing the rear-camera on my Chevy Tahoe.

Camera check!

I went through a process when deciding if this is something I should tackle myself or leave to a professional. Questions like:

  • Is this even a big enough problem for me to worry about right now relative to the other things on my “list”?
  • How expensive is it to have someone else fix this?
  • What would it cost for me to do it myself?
  • Do I have the right tools and time to do this?
  • Will I make it worse and create more headaches? 
  • Do I know the right generalist or specialist I’d go to if I didn’t try this myself?

The questions continued in my head for quite some time, trying to figure out what the best path forward was.  

As I went through all the open questions in my head, I realized through that process, the way that I decide to manage a project myself or hire a professional has parallels to the process that my team uncovers when they’re talking to our prospective customers about their own “rear-view mirror” problems. I wanted to see if there were actually similarities.  

We gathered the team together virtually over a few refreshments and talked about the best questions that prospects asked us during their evaluation. We looked for themes.  

The 5 W’s

I’ve put the intent of the questions into five big buckets centered around 5 W’s and a bit of color commentary. My hope is that as you are going through your own evaluation process and determining what kind of help you might need (or if you even need it at all) that this might spark ideas for you to consider. The list of actual questions that you’re likely to ask is much longer, but I can’t imagine many people would be interested in reading all of that from me.

  • Why should we do this? What are the trends that have driven you to this point? Are you solving an immediate need or one that you see out on the horizon?  
  • Why are you the right partner for us? When your CFO asks why you selected the path you did, what do you tell them? I can’t tell you what your own decision criteria are, they likely will come from a combination of meeting functional requirements, budgets, what services they provide to make you successful, what are other customers saying about them, is this their sweet spot or are they a “jack of all trades” provider? 
  • What value can I expect to get from this? We all know that organizations aren’t lacking in the number of projects they have, but we (all of us!) often struggle with priorities. The squeaky wheel gets the funds, right? That’s not how it should be. Bring data. Bring a believable return on investment/risk analysis comparing the return. Force other projects that you’re competing against to do the same.  
  • When can I expect to see value? What commitments are you making back to the organization about when time and/or resources will free up based on your investment?
  • Why are you so sure that I’m actually going to get value? This one is always tricky because of how subtle it is. We often decide on emotion and validate it with data. What does your gut tell you, is this an organization that you can see yourself doing business with for a long time? Have they supported you during the decision process?  

So, when my wife asks me what I’m working on, I know that if I have my 5 W’s buttoned-up she’ll give me a thumbs up and wish me luck. Perhaps it’ll be the same when you make a case to your CFO for the investment in a particular project that you’re passionate about seeing implemented within your organization. Oh, and yes, in this particular situation, I managed to fix the camera!  

To learn more about what to consider when shopping for a cybersecurity software platform, like vendor management, check out our helpful brochure that highlights the importance of having a separate software platform specifically to manage vendors’ privileged access to systems, networks, and applications.

 

The post The 5 W’s for DIYing your cybersecurity decision-making! appeared first on SecureLink.

*** This is a Security Bloggers Network syndicated blog from SecureLink authored by Nils Marchand. Read the original post at: https://www.securelink.com/blog/the-5-ws-for-diying-your-cybersecurity-decision-making/