Someone planted a tree: What has this got to do with cybersecurity?
All change involves risk. To mitigate the risk, we try to avoid change altogether, we go all in, or we plan to the nth degree. But there’s another way - Small bets. Small steps. Small spends. Small risks.
IT projects and other planned changes frequently fail - They exceed budgets, timelines, or fail to deliver the expected benefits. It may not be a technology problem. It may be a people problem. And there could be a very rational reason for this problem that should have been considered from the start.
The four phases of the W4 Methodology - Where, What, Why, What (Now) - includes four clear milestones. Each milestone proves the progress you are making as you pragmatically move from your current situation to your desired future state.
When IT is your responsibility but not your primary area of expertise, it can be difficult to figure out how to gain the IT capabilities that you want while ensuring you have the IT security that you need. My roadmap, containing 12 steps across 4 phases that I call the W4 Methodology, can help you work through the process in a pragmatic and sane way.