Leadership

Security suffers when we rely on jargon

Discipline and explanations can lead to better security results. (Kubkoo/iStock via Getty Images)

When people use different jargon to describe the same outcome, security suffers. It builds friction that erodes value, destroys trust and burns people out. I watched jargon fuel a misunderstanding that almost came to blows nearly two decades ago.

I was helping a hospital system implement its first-ever identity management program. In the early stages of figuring out our approach, about 10 of us from different teams met in a forgettable conference room. Rob, the leader of the security program, handled the identity project. Darren represented the business in the technology organization. The project required the two of them to work together.

Since most people were new to identity, we started with some basics. Rob was intent on our need to identify the “authoritative source of truth.” Darren was adamant we needed to start by agreeing on the “system of record.” While it might seem obvious today they were describing the same thing, the terms were newer back then. As a result, no one realized they wanted to solve the same problem.

The effort to clarify created more frustration. With raised voices, Rob accused Darren of not listening and risking the entire project. Darren yelled back that Rob was incompetent. Red-faced and shouting, Darren rose out of his chair with a shaking fist. Rob bounced up and put his knee on the table, about to climb across to reach Darren.

The room jumped to their feet to separate and remove Rob and Darren. As some of the team got them to different areas, the rest of us sat in awkward silence. After some nervous banter, I asked if anyone could explain how the current process worked so we could figure out what Rob and Darren were so passionate about. No one had a picture or flow chart to share.

We needed to remove the jargon and figure out how it worked.

I asked one team to sketch it on the board. As they did, other folks in the room chimed in to add elements and make corrections. After about 30 minutes, we realized that Rob and Darren were talking about the same thing!

We also agreed the system was more complex than anybody had considered — and we needed more than just the source of truth or system of record to make progress. We needed a clear and accurate picture of how things worked.

We took over the room for about two weeks, meeting with every team and person involved in the process to help us capture an accurate representation of the provisioning process. We filled up each of the five whiteboards with as much detail as we could fit. It was a beautiful mess of boxes, arrows, lines and notes all over the place.

When we showed Rob and Darren what we worked out on the boards, they quickly realized they were trying to solve the same problem. To their credit, they both apologized to each other and to the team.

And then something really cool happened.

Looking around the room at all the mess on the whiteboards, Darren — who had more clout and budget — asked if it was possible to use the identity project to solve another problem he faced. Rob agreed it was a natural fit, and Darren offered the budget and the support of his team to speed up the process. The two leaders, close to throwing punches just a few days back, now laughed and joked together.

We don’t need to shout and resort to fisticuffs to figure things out. Sometimes we just need to step back, take a breath, and stop using jargon. Take the time to ask for explanations and, if needed, sketch it out. From that common picture, figure out how to get to the right place. The more discipline and quicker we do that, the better our results.

Michael Santarcangelo

Michael Santacangelo is the founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework – with our favorite question, “What problem are you trying to solve?”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.