Phoenix Project Archives

Home » Phoenix Project

Beyond compliance: Maturity models

Dave Farquhar security January 2, 2014December 22, 2013Advance Auto Parts, CVS, KIM, passwords, Phoenix Project, Regulatory compliance, Two-factor authentication

A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that.

Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time they’re approved, they measure themselves against a maturity model, which compares their practices with similar companies in similar lines of work so they can see how they measure up. Read more

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

Gene Kim on scheduled maintenance

Dave Farquhar security December 31, 2013December 21, 2013hp, Kansas City, KIM, laserjet, New York, Phoenix Project

The excellent book The Phoenix Project has a choice quote that stuck with me.

In this scenario, the Yoda-like character asks the hero to imagine a company that makes deliveries. If the trucks break down, the deliveries stop, right? So you change the oil, since not changing the oil causes trucks to break down.

“Metaphors like oil changes help people make that connection. Preventative oil changes and maintenance policies are like preventative vendor patches and change management policies. By showing how IT risks jeopardize business performance measures, you can start making better business decisions.”

Dave Farquhar

dfarq.homeip.net

The Phoenix Project: A must-read book for anyone who aspires to IT leadership

Dave Farquhar security December 9, 2013November 30, 2018CIO, CISO, journalism, Office Space, Phoenix Project, Windows Control Panel

After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it.

Phoenix is more realistic. Every problem every shop I’ve ever worked in is in that shop, plus some I’ve (luckily) only heard about. But unlike Office Space, it has solutions beyond burning the building down. Read more

Dave Farquhar

dfarq.homeip.net