SOAR technologies strive to automate some of the repetitive human effort required to maintain a strong security posture. Here's how SOAR tools fit into an enterprise security strategy.
5 time thieves and how to beat them
Learn tactics to fight the factors that steal your time, day after day. Hint: You’ll have to learn to love “no”
Unless you’re on vacation, it is not a good day when you start your number one priority on the day’s to-do list at 5:00 pm. We tell ourselves that there are not enough hours in the day. Yet we mortals all have the same 24 hours. The problem is that we don’t protect our hours from being stolen. We let thieves steal time from us, day after day.
Get to know the five thieves of time, which if exposed and measured for impact, can help us improve our performance:
- Too much work-in-progress (WIP) – work that has started, but not yet finished.
- Conflicting priorities – projects and tasks that compete with each other. This is exacerbated when we are uncertain about the most important thing to do.
- Unknown dependencies – something we aren’t aware of that needs to happen before work can be finished.
- Unplanned work – interruptions that prevent you from finishing something or from stopping at a better breaking point.
- Neglected work – partially completed work that sits idle on the bench.
If we confront the thieves, acknowledge their existence, and make them visible, we can begin to chase them away and take back the day.
Too much WIP
This stems from too much “yes.” If you want to get important work done faster, more “no” is required. This thief thrives on interruptions, dependencies, and competing priorities – and that’s why it’s the ringleader of all the other time thieves.
Reducing WIP increases your attention on fewer items, allowing a laser sharp focus on completing the most important work. Note Warren Buffet’s quote, “The difference between successful people and very successful people is that very successful people say ‘no’ to almost everything.”
Don’t allow new work to be started until people have capacity to do it. Let people pull work into their work queues, instead of pushing work on them. Measure and study lead time to learn how long work items take to flow across the whole system. Watch lead times improve over time when WIP is reduced. Stifle this thief with more “no.”
Conflicting priorities promote overload. When people are unsure of priorities, they take on too much WIP. But doing many things at the same time increases the risk of delaying everything.
For teams experiencing damage from this time thief, bring visibility to all the conflicting work.
Incidents, project work, admin work, maintenance work – each competes with the others. When work goes on hold because someone says “you need to do this other thing now,” make that visible. Show that implementing the new security vulnerability fix got delayed because merit reviews were due on Tuesday. Choke this thief with a clearly defined prioritization policy to help teams know what to pull into their to-do queue next. Whether the policy is the highest paid person’s opinion (HiPPO) or the weighted shortest job first (WSJF), make it visible and communicate it broadly.
This thief steals time from you by increasing uncertainty, thereby increasing the probability that you will deliver <insert whatever> late. Dependencies (whether they be on architecture, on expertise, or on activities), increase the need for coordination. When coordination needs across teams are high, people aren’t available when you need them. When demand for security expertise is high, the information security officer isn’t available and precious time is lost.
Fight this thief in several ways:
- Decompose the monolithic IT architecture into microservices to reduce dependencies.
- Organize software development teams by product instead of project to reduce complex dependency-driven handoffs during releases to production.
- Reduce delays from unknown or invisible dependencies and help teams anticipate what’s headed their way by using dependency matrices.
[ Want DevOps advice? See our comprehensive resource, DevOps: The IT Leader's Guide. ]
This includes undeniable emergencies, such as when the database server hits 100 percent capacity utilization, and questionable emergencies, such as the VP’s request for how long it will take to modify an integration. Either way, these interruptions prevent you from finishing something, or from stopping at a better breaking point.
In our complex unpredictable world, there will always be unplanned work - we live in denial if we think otherwise. Plan for unplanned work. And then allocate capacity to study unplanned work, to learn how systems break and how to make them more robust. If we invest in training, would some issues decrease? If business strategy is communicated better, could teams prioritize easier or adapt to change faster?
Let's talk about work that gets partially completed and then postponed. This work sits idle on the bench waiting for attention. Important maintenance work (what this author calls “revenue protection” work) can fall victim to this thief, as it gets overpowered by the promise of revenue generation from business people. That is, until thief Unplanned Work swoops in as the neglected work evolves into an emergency, such as a security breach.
One way to ensure that important maintenance work gets done is to set an explicit policy whereby there is "n" number of revenue protection items in progress at any time. Research your archived work items over the last six months to discover how many maintenance items, which if completed sooner, could have reduced problems. If the result is 10 percent, then allocate 10 percent of the team’s WIP for revenue protection work. If the WIP limit for the team is 20 work items, then they can always have two revenue protection work items in progress. Experiment and adapt as needed.
Expose the crimes
Time thieves hide right under your nose, comfortably cozy between you and your work. They leave clues at every crime scene. If we’re going to improve performance, we must expose the crimes that time thieves commit. Then you can pre-empt delays related to neglected and unplanned work, conflicting priorities and unknown dependencies before the hour glass expires.
Want more wisdom like this, IT leaders? Sign up for our weekly email newsletter.