• Phil Venables

Career Longevity & "The Don't Fire Me Chart"

To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this is also a space where there is often impatience to get results fast. Sometimes this is workable, many times it is not. The end result, in a number of organizations, is constant turnover in the C-ranks (CISO, CTO etc.). Let’s examine why.


1.Issues are going up, so they hire or assign you to fix them.



2. You hit the ground running and find a bunch of quick wins and start reducing the number of issues. So far so good.


3. Then you start digging deeper, improve monitoring, risk assessments and other instrumentation : as a result you start finding more issues that need fixing. At this point management wonders why you’ve made the situation worse and then decide they need someone new.




4. Then a new person turns up, applies the same method, typically reinventing/replacing what you did, and so the cycle continues. Often, given entropy / usual net increase in risk, the graph keeps trending up despite the occasional downward move.



5. However, if you get the support from leadership and get to push through then you will hit a sustained lower level of issues. Many organizations have done this.



Bottom line : when you are new to a role or assignment show people this last chart and remind them that things may start to look worse before they get better and that can be a sign of being on track. Show them the point where you don’t want to be fired.


1,529 views0 comments

Recent Posts

See All

Cybersecurity : The Winner’s Game and The Loser’s Game

There is a seminal paper in finance by Charles Ellis called the The Loser’s Game which, in simple terms, foretells the move from active to passive investing and the reasons for it. My favorite bit of

Return on Investment for Security

The concept of return on investment (ROI) for security has bugged me for a long time. Not because it isn’t a laudable goal. Of course, any investment you make should deliver something in return. Rathe

"Hell Yes, or No" vs. "Soft Yes, and Fast Quit"

I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about this. Similarly I really enjoy reading Greg McKeown on the conc

Subscribe for updates.

© 2020 Philip Venables.