Originally posted to LinkedIn on January 13, 2016

Tip #4: Avoid Common Mistakes

The most common mistake I see in information security is when people get overwhelmed – the process becomes too cumbersome and too intimidating. So, people ignore it and hope nothing happens. Too many people say “the system is too old” and “we could never do that,” but that is never the case. Don’t let perfect be the enemy of the good.

Here is a pep talk: some emotional advice to reflect on and remember as you embark on this security journey – and it is a journey.

  • It’s all about continuous improvement (just like life);
  • The goal is to constantly improve;
  • Start where you are and get better;
  • Don’t get deflated – keep the momentum going;
  • Break through the politics and get people on board;
  • Most mistakes are not technical – they are management errors. 

To avoid these mistakes, consider the following philosophies:

  • Don’t let perfect be the enemy of the good (this warrants repeating);
  • Always look at how to control scope – you don’t have to do it all yourself;
  • Get experts in the room – do your due diligence;
  • Take necessary precautions – you can’t afford not to;
  • Do what is needed and then take it to the next level – think like hackers. 

Happy New Year. More to come in 2016.