Cybersecurity Value - Embrace the Suck

Cybersecurity Value - Embrace the Suck

In American military circles, there exists a term “embrace the suck”.  It means to consciously recognize and accept that something will be extremely unpleasant so as to not let it discourage from pursuing the best path to success.  It is often characterized as a situation that is misleadingly easy in appearance from an outsider’s view, but extraordinarily difficult in practice.  It forces operators to optimize their situation, knowing it will never be comfortable, and pushing through anyway.  With this mindset, professionals are driven to follow the best path, fully knowing it will be very difficult, and not concede to find the less productive but easier course.

For cybersecurity, measuring our value is this friction that we must contend with.  The effort to do it right and achieve sufficient accuracy simply ‘sucks’ to accomplish.   But without showcasing value, investment and empowerment will wither, thereby undermining the security organization’s capabilities to protect and enable the business. 

Calculating security value is an extraordinarily difficult ask that unfortunately dissuades many leaders.  They often pursue a theatrical path of flaming fears and doubts, or disregard the exercise altogether and attempt to operate without a clear picture of justification.  Such fear and ignorance will suffice for some time, but ultimately bites back in painful ways.

Accurate portrayals of value are foundational in establishing a sustainable strategy that aligns with the goals of the overarching organization.  It reveals a goldilocks zone where investment and empowerment are not too little and not too burdensome.

The cybersecurity industry must take on the struggle, knowing toil will never fully go away, and work to reduce the friction We must shed our anxieties and forego the illusionary poor-excuses of value couched in fear, in order to better convey meaningful cybersecurity investment.


The whole keynote presentation is available:

E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

RSAC Meetup Banner

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)