2 Secrets to Streamline Cybersecurity Projects

Dad Joke and Cybersecurity

My name is KAM. In cybersecurity circles, I’m known for three things: publishing tools and research to combat cyber threats, starting meetings with a dad joke, and emphasizing progress over perfection in cybersecurity strategies.

Why a dad joke? Cybersecurity is high-pressure work that often leads to burnout. A quick joke before a meeting adds levity and reminds us of our humanity. My favorite?

Q: What’s the internal body temperature of a tauntaun?

A: Luke warm.

(Don’t get it? Watch The Empire Strikes Back and prepare to groan.)

The Common Cybersecurity Challenge: Getting Stuck

Beyond finding and retaining top talent, a major problem in cybersecurity is getting projects off the ground—and keeping them moving. Too often, decision-makers and cybersecurity teams aren’t aligned: they face too many options, don’t understand the risks, or avoid tough decisions altogether.

To prevent projects from stalling, I rely on two key concepts:

  1. Box your cybersecurity project using goals, timeline, and budget.
  2. Give options with recommendations to avoid analysis paralysis.

Box Your Cybersecurity Project

Cybersecurity is never truly “complete.” Instead, it’s about fostering a culture of continuous improvement. To ensure a project stays on track, I approach it from the decision-maker’s perspective by focusing on three elements:

Define Clear Goals

Goals should outline pain points and long-term objectives without getting bogged down in technical details. For example, a company once ordered 1,000 toner cartridges—but they were the wrong kind and non-returnable. Had they focused on the goal (“get the right toner”) instead of specifics, they could have avoided the costly mistake. The same logic applies to cybersecurity: focus on outcomes, not just tasks.

Set a Realistic Timeline

Timelines define expectations for completion. Cybersecurity projects don’t need to be 100% perfect to provide value. Even partial progress can reduce risks, educate decision-makers, and build momentum for future improvements. Progress is always better than perfection.

Manage Budget & Resources

Budgets should account for software, hardware, staff, and funding. It’s also smart to take inventory of existing resources to maximize efficiency. Using the goals, timeline, and budget framework helps align teams, prioritize work, and control costs.

Here’s an example of how to summarize a cybersecurity project proposal:

“To meet the goals of X, we’ve identified the risks R. Within the timeline of Y and the budget of Z, here’s the prioritized list of N tasks and their expected risk reduction.”

This formula ensures clarity and keeps projects moving forward.

Offer Options with Clear Recommendations

As the cybersecurity expert, it’s your job to lead, not just present choices. Decision-makers need guidance.

Rather than overwhelming them with options, frame recommendations clearly:

“If I were in your shoes, this is what I would do…”

This makes it easier for stakeholders to follow your lead and take action.

Avoid Overpaying for Cybersecurity Assessments

Many organizations waste money on assessments that identify issues but don’t help solve them. Even the best assessments often fail to improve security because:

  • They highlight too many problems at once.
  • They don’t offer clear steps to begin fixing issues.
  • They consume too much of the project’s time and budget.

A Smarter Approach to Assessments

Limit assessments to a small percentage of your timeline and budget—just enough to identify key risks without stalling progress.

For example, if you have $50K and six months for a project, dedicate:

  • Only one week to assessments.
  • No more than 5% of the budget ($2,500).

This ensures time and money are spent on mitigating risks, not just identifying them.

Final Thoughts: Progress Over Perfection

Cybersecurity is an evolving challenge, and perfect security is unattainable. The key is to make continuous progress by focusing on goals, timeline, and budget while providing clear, actionable recommendations.

About the Author

KAM is the Principal Evangelist and Cloud Fellow at Dito, a Google Premier Partner and Google Cloud Security Partner of the Year. He is also an Apache Software Foundation Member, U.S. Marine Corps Cyber Auxiliary Member, and Distinguished Senior Fellow in Cybersecurity at Thomas University.

Have a cybersecurity question or article idea?

📩 Email KAM@ditoweb.com