Beyond compliance: Maturity models

A lot of organizations equate security with regulatory compliance: they figure out what the law requires them to do, then do precisely that.

Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time they’re approved, they measure themselves against a maturity model, which compares their practices with those of similar companies in similar lines of work so they can see how they measure up.

Gene Kim on scheduled maintenance

The excellent book The Phoenix Project has a choice quote that stuck with me.

In this scenario, the Yoda-like character asks the hero to imagine a company that makes deliveries. If the trucks break down, the deliveries stop, right? So you change the oil, since not changing the oil causes trucks to break down.

“Metaphors like oil changes help people make that connection. Preventative oil changes and maintenance policies are like preventative vendor patches and change management policies. By showing how IT risks jeopardize business performance measures, you can start making better business decisions.”


The Phoenix Project: A must-read book for anyone who aspires to IT leadership

After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it.

Phoenix is more realistic. Every problem from every shop I’ve ever worked in is in that shop, plus some I’ve (luckily) only heard about. But unlike Office Space, it has solutions beyond burning the building down.