In 2011 I went back to school to get my MBA. Back then, the thinking was that if you want to speak to business people, it is best to understand their perspective. As a CISO, it has proven to be a very valuable lesson. However, more and more, what I am hearing from executives are stories about cybersecurity, not the other way around.
Now I get that I’m in the deep end of the pool when I teach Incident Response and help advise companies on how to mitigate their risks, but the zeitgeist has changed, and my peer group of MBA classmates is more likely to ask me about managing their business risk.
A quick look at the headlines leaves no doubt about why this is. There are weekly stories about cybersecurity breaches, lost customer data, or businesses interrupted. Just this week, the US Government has increased regulations on key infrastructure sectors in response to known threats, and with the war in Europe, it is ever more apparent that we need to be aware of our exposure to such risks.
The question came back to me. How can we make this problem manageable for businesses?
It’s maybe nostalgic, but I recently bought a home in Indiana to be closer to family, and I couldn’t help but reflect on the years that my father ran his own small business, first out of our home and later with his shop. While I have great memories of that shop, I can’t help but recognize how daunting that journey would have been today, given the necessities of Information Technology and the risks that it brings with it.
The journey that I started a few years ago with CyberFoundry was to create a vehicle for connecting cybersecurity risks to business advantages, providing insights to companies on how to tame their risks and outperform their peers by turning cybersecurity risks into a predictable, managed aspect of their environment. But it isn’t enough.
When I think about the journey of small business, specifically the entrepreneur, the road is definitely uphill. There are so many decisions to be made when starting a company that it can be overwhelming.
Through my work at CyberFoundry, I recognized that adding security after operations are in flight isn’t optimal. As I have focused on starting my own business, I’ve learned that this lesson equally applies to operations. Think of it as the time to recognize you need an accountant isn’t during tax season mentality.
So here is my question.
What would it be like to create a small business where the operational decisions made sense and there was a path to introduce new processes and technologies effortlessly as the company grew?
I recognize this seems slightly too optimistic, but let’s get into it for a minute. Let me propose what I think may be familiar scenarios for any small business.
- As a founder, you’re responsible for doing everything. It’s all in your head, and you’re indispensable to operations. You would like to bring on new employees, but the overhead of administering that and training and delegating your work is overwhelming, so you keep critical functions on your plate rather than grow.
- You know you need a better website. The one you started your company with was done by some company that isn’t around or doesn’t answer the phone. Either way, the site doesn’t represent you and needs additional functionality. Maybe even show up in a web search result. But how can you redesign the website and know how your customers are interacting with it?
- You need to send out a proposal to a potential client. You know this because there is a post-it note on your monitor to remind you. But you still need to send files to clients, complete invoicing, create a new quote for an existing client, and think about how you’re prospecting and selling new clients. But these processes are all separate concepts with no system to bring them together.
And I’ll add one last one.
- You recognize that you need to bill your time to clients, but there isn’t an efficient way to track this and automate the billing. Does it make sense to spend 15-minutes sending out an invoice for a 15-minute phone call? How much of your time goes unaccounted for or lost?
So here’s the thing. These operational problems, and many others, are easily solved if you know the right solutions. More prominent companies don’t solve these problems because they are big or have the budget. They solve them because they can bring the right people to the table with the skills to implement real solutions.
In the coming days, I will spend a little more time outlining a new company that I’m starting called ITFoundry. While some of the details are still being worked out, my goal is straightforward – to help small business run operations better than and compete with larger competitors.
There is a lot of competition, and larger businesses have a natural advantage.
Let’s level the field.
About the Author
Bill Weber is a Virtual CISO and Entrepreneur located in the United States. He works with clients wanting to better understand risk and create meaningful advantages for their organizations by tackling them creating real long term stability.
You can find his company at cyberfoundry.io.
Comment on LinkedIn
Credit for the cover art to DALL-E.