Action, Not Inaction is What Being a Leader is All About

In Model-Netics methodology by Main Event Management you are taken through a management course that makes use of standard and what some would call common sense management rules to demonstrate and teach how to handle a lot of the items that come a leaders’ way during the course of a normal work day.  Two of the Model-Netics rules that I feel need to be used more widely by Information Security leaders are the Action T.N.T rule and the Eighty Percent Rule.  A lot of you are already familiar with the eighty percent rule but even though familiar it is seldom followed.

The Action T.N.T rule stands for Take Action Today not Tomorrow and encourages leaders to take action as soon as they have sufficient information to decide a reasonable course of action and not wait in paralysis until they have absolutely every bit of information that it is possible to have before moving forward.  For example:  I once worked on a project that had a project lead who was one of these paralyzed type of individuals and after 16 months we were still in the planning phase and talking about the implementation of a technology that was leading edge when the project started but that was quickly becoming outdated.  He finally recommended cancelling the project as the technology was no longer viable and he was able to show how successful he was by not “allowing” a technology that was old to have dollars wasted on its deployment.  He almost got by with that until one of the more astute executives asked him what the 5 million dollars he was given was used for and what the 20 resources assigned to the project for the past 16 months had been doing.

The Eighty percent rule, which is also known as the 80-20 rule or Pareto’s Principle is similar to the Action T.N.T method as it strongly recommends that leaders make a decision and start a course of action when they feel they have 80% of the information or 80% of the design completed and not wait for the remaining 20% before starting.  There are many right ways to complete a task and neither the T.N.T. or 80-20 methodology suggest that adequate planning not take place before making a decision but that action is taken in lieu of collecting more and more and more data that really has little impact on the leader’s overall decision.  When I lead my team(s) on projects and work items I do not allow more than 3 weeks planning to take place on even major projects, this ensures that once the planning is complete action actually takes place that ends up in completion of the final goal.   This doesn’t mean that adequate planning is not completed – it just means that we’re kept pretty busy during the planning stage.

Have I been successful in that approach and with implementation of infrastructure, enhancements, etc. using this approach – yes I have. It works, it is effective and IMO it is a leaders and managers job to make a decision and move in the direction of accomplishing your business goals.

© Kevin L. McLaughlin, probably cited re-use is acceptable

About mclaukl

Professional Certifications - Certified CISO, CISM, CISSP, PMP, ITIL Master Certified, GIAC Security Leadership Certificate (GSLC), CRISC. Kevin also holds Certificates in the Advanced Principles of Information Security and in Advanced Information Security Research Methods from Jones International University. Kevin L. McLaughlin began his career as a Special Agent for the Department of Army. He was responsible for investigating Felony crimes around the globe. He has had many careers over the years, including being a Police Officer in Kissimmee Florida, an Investigator for Mastercard/Visa, a Middle School teacher, a Director at Kennedy Space Center (where he worked with Fred Hayes, James Lovell, Armstrong, Sheppard, etc.), the President of his own company, an IT Manager and Senior Information Security manager with the Procter & Gamble (P&G) company (fortune 35), a CISO at the University of Cincinnati and a Senior Information System Security Manager for the Whirlpool Corporation (fortune 125). Kevin has also been an adjunct since 1992. While at P&G Kevin created one of P&G’s augmentation outsourcing teams in India. Kevin designed and implemented this India team and it won a global Gold Service award from Atos-Origin and has acted as a model for countless corporate relationships since. Over the years Kevin has: created an Information Security program conducted Information Security Strategic planning designed Information Security solutions, investigated over 700 Cyber cases and operated a Global Security Operations Center. • Education - MS in Computer Science Education, BS in Management of Information Systems * PhD in Cyber Security, University of Fairfax
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s