I have to be honest with you. Today is my blog day, and I completely forgot (ignored?) it. There’s just too much happening around the office and around the home for me to have kept up on something I do for fun. But, I think I can make a save, at least this one time.
Lately I’ve been a busy guy (a lot like things used to be when I was on the front lines instead of guiding development of the tools the front lines use). Part of my daily routine is to attend meetings, and during these meetings I take notes – usually copious notes for later review. Being a transparent sort of guy, I prefer to share all of my notes at the end of each month – anyone in the company can read them.
Of course, I don’t like to transcribe notes at all, much less multiple times, so I often type notes during the meeting; I’ve elected to use a software package called Tinderbox to manage my notes. The software is somewhat complicated, and getting templates, prototypes, and other aspects of how I take notes sorted took me a fair bit of time. On the other hand, the software automatically exports my notes to HTML according to those templates I created, which makes publishing my notes a very automated process. All I do is hit export, and FTP the results – publishing takes all of 30 seconds once a month. I could make it zero seconds by creating a script to do the work for me at a prescribed time – I just haven’t gotten around to it.
Without that automation, I probably wouldn’t be sharing my notes because publishing would simply take too much of my valuable time. The reason I am able to publish is because I leverage the automation capabilities of Tinderbox. This, in turn, creates a pressure on me to be mindful that my notes will be published – transparency. If it weren’t for this, I wouldn’t be as transparent, which would probably have some adverse affect on how I take notes.
The transparency I know I’ll have when I publish my notes causes me to think when I take notes and to take notes with care. It’s much more than ensuring I’m not using expletives in my notes, rather, it’s that I know I will be held accountable for the notes I take and subsequently share. People will be relying on those notes, and that makes me want to do a better job. Moreover, I have the time to do a better job, because I don’t need to manually publish anything – this gives me time to review my notes before I hit the export button.
I believe a similar relationship exists between automation in information security and transparency to the organization. The more automation we bring into the fold of information security, the more we can get rid of the mundane processes security professionals face, the better off we’ll be.
Maybe this is a lame post, because I forgot about the deadline. But the truth is that automation can enable better work habits and transparency to the business. I’m curious to understand where your most mundane process is and what they are. Do you think it’s a good candidate for automation? In fact, what scares you about automation (noting the difference between the meanings of “automation” and “automated”)? Is it about losing control? If so, where are those touch points that would matter most to you to mitigate that concern?