I was having a fantastic discussion with a close friend yesterday about how the security industry harbors people that fight battles just for the sake of fighting battles. It’s the stuff that makes Sun Tzu shake his head knowing that you are on the losing side. My friend said, “Hey, didn’t you write about something like that a while back?”
Once again, Past Brando hosed Future Brando.
One of Sun Tzu’s biggest teachings is that the preferred method to win a battle is to win without fighting. If I were to take some literary liberty with this edict and apply it to the security space, it’s better to win within the established rules of the game instead of spending all of your time trying to change the rules.
How about a visual analogy? Think about how a river flows. In the center of the river you typically find the fastest currents. If a leaf were to ride that current, they would go the furthest with the least amount of effort by staying in the middle of the current. Near the shore there are many obstacles which create eddies that impede progress, and there is always that pesky rock in the middle that threatens to split the river in two. Steering clear of the shore keeps you moving, and choosing left or right around the big rock will get you through. Over time, that rock erodes and eventually dips below the surface such that it does not impede the current.
Peaceful imagery aside, consider how your actions in the security and compliance function go with the current. The current is the economy and the business is the leaf. You don’t want to be a rock—you will just be worn down and maneuvered around—and you don’t want to get caught up in little eddies that hold you back. You want to guide the business safely through the current faster than your competitors. The lesson here is to choose your battles, and try to win without fighting.