Leadership, Security Strategy, Plan, Budget

Clarity in planning security helps to complete goals with confidence

The clarity of mapping a process allowed the columnist’s team to focus on solving the right problems to deliver the most value. (Zerbor/iStock via Getty Images)

Have you ever felt that you have the same conversation over and over, carried on from meeting to meeting? That happened last fall, and again recently, with a newly formed team I’m working with.

The team, new to identity, was struggling to understand role-based access control (RBAC) and figure out if they could make improvements with only the existing tools and data. It turns out the answer is "no." While the current identity architecture works, the legacy debt built up over the last decade prevents future progress.

Their opportunity is to step back and think about identity and the identity program differently. Their challenge is the concept of identity was the dumping ground for bad ideas and previously failed projects from ad hoc efforts. They need to clear the decks of some legacy work while setting the stage for more valuable work.

It’s a bit like walking on plates spinning on top of long poles that keep shifting.

The confusion — and lack of clarity — meant we had the same conversation at every meeting, to the point it became a running joke for us. Naturally, we needed to focus on clarity while also trying to get stuff done — which was, admittedly, unclear.

But… no time to clarify when you need to plan

Then we got dragged into a department-wide planning session.

I make it seem worse than it was.

Each quarter, the company pulls teams together to talk about their work and plan the next 90 days, together. By increasing transparency, teams figure out how to work better together to avoid surprises later.

It’s an excellent program for mature teams with clarity on their work and who they need help from. For a new team loaded with confusion and conflicting priorities, it’s a fascinating exercise.

Just “getting something on the board” is not good enough (planning is hard)

Because of the constraints — and expectations — of the planning meeting, we rushed through as much as possible just to get something on the board. It was a struggle as we continued to rehash the same conversations in search of clarity.

As other teams and leaders stopped by, we took time to answer their questions and connect as many dots as possible. We ended up with a high-level overview of our work and some “plans” we could show to others.

We made no asks of other teams, and no other team made asks of us.

So we’re good, right?


I had zero confidence in the plan, knowing the lack of clarity that bit us in the ass for the last year would flare back up (and it did — but that’s another story). The team had little confidence in the plan, too.

Map it out for clarity and confidence

We left the planning session with a documented “plan” and no confidence.

So we called for a reset.

In January, we gathered a smaller group to map out the situation. We drew on our collective experience and insight to capture a more complete, more accurate, and more clear picture of the situation. It took us less than a day to build our map — our focus was “good enough” to get started.

The tone of the team changed from confusion to confidence. We stopped having the same conversations as we shifted toward getting stuff done.

Use your map to find your path (and ask for help)

We made a map that let us see the situation and pick the right path. The clarity of the mapping process allowed us to focus on solving the right problems to deliver the most value. Then we used the map to work backwards to establish our milestones (in this case, we built features and stories) to achieve our goal.

The map even showed us where we needed to ask for help from other teams.

Security is hard, and identity is confusing. A lot of complexity and competing concepts make it hard to grasp. By taking the time to draw a map, we made it easier to for other teams to engage with us. It also allows others to improve our map and show us where they can help — often in ways and places we didn’t know to ask about.

As a result, we enjoyed the meetings and left with mutual confidence in our approach.

Confidence in planning leads to delivering more value

Now the confidence in the plan is translating into confidence in how we complete our tasks.

When you don’t feel clear, you aren’t. Without the clarity to guide the work, you end up with wasted work, rework, and a lot of friction. Clarity is the fuel for acceleration, and how you deliver value faster with less friction.

We stopped having the same conversation over and over. And now the team is bringing visual maps and models to share at the next department-wide planning session, confident that this time planning with others leads to success.

Michael Santarcangelo

Michael Santacangelo is the founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework – with our favorite question, “What problem are you trying to solve?”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.