Presentation: Security and Compliance Theater - The Seventh Deadly Disease
Abstract
Listen to author and evangelist John Willis describe the “Seven Deadly Diseases of DevOps” with a focus on the most costly of them all - Security and Compliance Theater. This presentation will drill in on the practices needed to create long-term systemic “safe” improvement. Understanding these key patterns enables an organization to focus mainly on the intersection of human capital and technology. Although prescriptive practices like Lean, Agile, SAFe and even DevOps may be necessary for IT acceleration, they are in most cases not sufficient for long-term systemic improvement. In other words, you can’t Lean, Agile, SAFe or DevOps your way around institutionalized organizational habits. The following is a list of the “Seven Deadly Diseases”:
- Invisible Work
- Management System Toil
- Tribal Knowledge
- Misalignment of Incentives
- Incongruent Organizational Design
- Misunderstanding Complexity
- Security and Compliance Theater
These seven diseases of organizational behavior must be discovered with “absence of prescriptive practice” through a process of organizational fact-finding, something described as organizational forensics. In this presentation, we will look at the “Seven Deadly Diseases” of IT organization and show how all seven are indistinguishably related to cybersecurity, risk, and compliance.