
Designing a 100-Day Sprint for OT Cybersecurity: What to Consider
As we begin a new year, many organizations will enter a “goal-setting and strategic planning” season. During this time, individuals are re-energized and motivated to record new accomplishments for their professional development. Traditional corporate goal setting aligns with fiscal calendars and forces companies and individuals to build goals in chunks of 365 days. But why set your deadline based on the Earth’s orbital period? What if you could achieve relevant and meaningful goals within just 100 days? That’s the idea behind the 100-day sprint – to achieve radical and strategic improvements within a fraction of the calendar year.
Most recently, the Biden Administration embarked on a 100-day sprint to improve the cybersecurity of our nation’s electric grid. If the U.S. government is agile enough to do one of these sprints, then surely your company is, too! But with so many OT cybersecurity frameworks, strategies, approaches, and solutions, where should you begin, and how can you apply this concept to your company?
Set a Realistic Expectation
It is very important to set a realistic expectation for what a successful 100-day OT cybersecurity sprint would look like for your organization. You should consider factors such as budget, personnel, bandwidth, and competing priorities. Don’t “boil the ocean” in this exercise. Achieve attainable goals, and once those are met, schedule each succeeding phase to aim higher.
Embrace the Three-Legged Stool
In your 100 days, focus on all aspects of the three-legged stool of cybersecurity: people, process, and technology. It may be tempting to focus on technology, assuming you have the budget. However, we can achieve a lot of forward progress without installing a new shiny object. What’s more, it might take you beyond 100 days to request quotes, compare vendors, complete the procurement process, and schedule installation services – even without considering delays in
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Ben Jackman. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/designing-a-100-day-sprint-for-ot-cybersecurity-what-to-consider/