In Model-Netics methodology by Main Event Management you are taken through a management course that makes use of standard and what some would call common sense management rules to demonstrate and teach how to handle a lot of the items that come a leaders’ way during the course of a normal work day. Two of the Model-Netics rules that I feel need to be used more widely by Information Security leaders are the Action T.N.T rule and the Eighty Percent Rule. A lot of you are already familiar with the eighty percent rule but even though familiar it is seldom followed.
The Action T.N.T rule stands for Take Action Today not Tomorrow and encourages leaders to take action as soon as they have sufficient information to decide a reasonable course of action and not wait in paralysis until they have absolutely every bit of information that it is possible to have before moving forward. For example: I once worked on a project that had a project lead who was one of these paralyzed type of individuals and after 16 months we were still in the planning phase and talking about the implementation of a technology that was leading edge when the project started but that was quickly becoming outdated. He finally recommended cancelling the project as the technology was no longer viable and he was able to show how successful he was by not “allowing” a technology that was old to have dollars wasted on its deployment. He almost got by with that until one of the more astute executives asked him what the 5 million dollars he was given was used for and what the 20 resources assigned to the project for the past 16 months had been doing.
The Eighty percent rule, which is also known as the 80-20 rule or Pareto’s Principle is similar to the Action T.N.T method as it strongly recommends that leaders make a decision and start a course of action when they feel they have 80% of the information or 80% of the design completed and not wait for the remaining 20% before starting. There are many right ways to complete a task and neither the T.N.T. or 80-20 methodology suggest that adequate planning not take place before making a decision but that action is taken in lieu of collecting more and more and more data that really has little impact on the leader’s overall decision. When I lead my team(s) on projects and work items I do not allow more than 3 weeks planning to take place on even major projects, this ensures that once the planning is complete action actually takes place that ends up in completion of the final goal. This doesn’t mean that adequate planning is not completed – it just means that we’re kept pretty busy during the planning stage.
Have I been successful in that approach and with implementation of infrastructure, enhancements, etc. using this approach – yes I have. It works, it is effective and IMO it is a leaders and managers job to make a decision and move in the direction of accomplishing your business goals.
© Kevin L. McLaughlin, probably cited re-use is acceptable