In the digital age, the need to transform your business in the face of competition is only going to become more important, and more difficult. Start-ups can build all of this in from the beginning, and have a whole host of success and horror stories from which to choose their inspiration. Large organisations that have developed slowly over time do not have this luxury, but the fear of ‘disruption’ has them scrambling madly for a way forward.
Let me be clear, I have nothing against either of these tools, but that is all they are; tools. They are a means to the end, not the end itself, and over-reliance ON the tools will eventually lead you astray. Unless the business goals drive the tool choice, and NEVER the other way around, all the action items in the world won’t get you where you need to be.
This requires a Vision.
And not just one vision, you need a vision per department. There’s no point trying to promote change when your HR department still hires people in exactly the same way, and is looking for exactly the same ‘corporate fit’. What you’ve always had got you here, only something else will get you somewhere different.
In security, for example, a vision statement goes something like: “We will provide world-class defence for all information assets to enable and optimise all corporate goals and exceed client expectations.”
There are millions of these vision STATEMENTS out there, but three things that a lot of the organisations that tout them seem to lack are: a) an understanding of what “defence for information assets” actually entails, b) what the most important things are to the foundation of such an effort, and c) the ability to execute that plan at the right level.
For example: everyone who’s been in security for more than 5 minutes should know that without a policy framework, you have nothing to build your security program on. You then work out very quickly that any policy framework not signed and evangelised from the highest levels of an organisation will be basically ignored. An information security policy framework (ISPF) signed by the CSO is unlikely to be followed wholeheartedly by the other C-levels; an ISPF signed by the CEO will be.
Quick Advice: If you’re a security expert, never work for someone who is not prepared to at least ask the CEO to sign something, especially policies. It’s just not worth it.
It is very easy to bandy words like Agile and Lean around, especially if you’re the one doing the delegating, but it’s very difficult to LEAD a team when you yourself either haven’t defined what your vision looks like, or worse, you don’t have one and you simply regurgitate things you’ve just read in a book.
Frantic energy expended on a series of action items [Agile] assigned to a few key people [Lean] is one thing, doing this with a vision of what SHOULD be is quite another.