Odd the connections that our minds make.
As I was reading an email from Verne Harnish the author of “Mastering the Rockefeller Habits”, a quote by a very successful business owner who uses the system really struck me on multiple levels (including running an Information Security Management System), “Routine sets you free …”
For some reason I tend to view the definition of many, many words as their connotation (subjective cultural or emotional meaning) rather than their denotation (literal meaning). I have spent the vast majority of my adolescent and adult life looking to shun the “routine”. To me routine meant rote, mechanical, a grind or a rut. I preferred to view myself as being spontaneous, creative, and free flowing.
Oddly, my role as an information security auditor has changed the way I look at the word routine. I’m not sure if my connotation has shifted or if I’m now using the denotation, but I am increasingly looking at routine as being more positive in nature (e.g., structured approach, purposeful) and spontaneous as being more negative in nature (e.g., unplanned, improvised, ad-hoc). More interesting to me is that the perceived “restrictions” of routine and the “freedom” associated with spontaneity are too often just that, perception — and worse a mistaken one. Following routines positions you to address the basics in a consistent and structured manner that provides you the freedom to be creative and strategic with the less fundamental. To the contrary, spontaneity often leads to an ad-hoc approach that results in oversights. These can cause challenges requiring extraordinary efforts to remediate as well as challenges in executing on the basics, directly preventing the spontaneity that you are seeking.
From an information security perspective, I think many of our clients share my former thought process. Mention following a formula (e.g., a back to basics approach that includes log reviews, an SDLC, Risk Management) and you get glazed eyes and a level of disinterest only rivaled by vegans at an all you can eat barbecue. Mention a “silver bullet” shiny appliance that is this year’s solution to the words “information security challenges” and they are fully on-board.
So I find myself a “routine evangelist”, preaching to the masses to see the light and understand that it is only through a logical, structured and (yes) routine approach that you can simplify the complexities of information security.
For me personally, the last 5 years or so have been rewarding as I continue to evolve my connotation of “routine” from a very negative one to a very positive one. I only wish that I would have been smart enough to have not waited so long!