Security FOMO Par Deux
Change your mind
FOMO: Fear of Missing Out
People trained in the art of cybersecurity management spend a fair amount of time scanning the landscape, looking for things they don’t know much about, learning about new stuff (cough, AI, cough), and generally paying attention to the unknown. The Cynefin Framework would call this type of work “chaos” or “complex” domains — where we spend out time probing, sensing, and acting in areas where there is little to no structure.
It’s not surprising, really. In order to do cyber risk management really well, you need to think about your threats, which are constantly changing. You must consider your vulnerabilities, which are also constantly changing. You must think about these things in the context of your business and its priorities, which are, you guessed it, always constantly changing. If you’re not scanning your environment looking for new, unknown things, you will miss the contextual changes that will make some things more relevant than others.
Security leaders worry they will miss out. Not just on missing out on seeing colleagues at a great conference, they worry they will miss the emerging new threats that will inevitably be The Threat that takes out their organization. They are pretty sure that the IT/engineering teams are doing something unnecessarily risky, right now, and…