Security by walking around

Feb 20, 2003

In the last article, I discussed security by objectives. In this follow-up, I want to draw parallels for information assurance (IA) to another management technique, management by walking around (MBWA).

When I worked for HP in the early 1980s, I was particularly impressed by the practice of MBWA. Managers literally walked around the office, stopping off to chat with employees and with other managers. They picked up all sorts of valuable insights by watching what employees were doing – as opposed to what got reported through more formal channels. Managers could discover practical problems faster than by waiting for disaster; they could forestall problems by listening to the people most likely to know what was wrong (or right) with specific clients, tasks, projects, units, departments or the whole company.

I remember the time when Steve, the systems engineering manager for all of HP Canada, came to the Montreal office to ask us “SEs” (an incorrect and now-abandoned term for technical support specialists, not all of whom were professional engineers) what we thought of a new programming tool we had been studying before its release. Steve sat on a desk with a bunch of us lounging on the floor, on chairs and on other desks in the big open work area of the Montreal office. We told him flatly that the product was terrible; the syntax was inconsistent and illogical, the number of bugs was unacceptable, and we would have a disaster in customer confidence if we released it in this state.

I think it speaks to the power of the HP Way, the guiding principles of HP management, that Steve listened carefully and brought our comments back to headquarters for action. The remarkable thing is that we all felt absolutely confident that our gripes would be taken in the right spirit.

When we are working on security – such a complex mixture of technology and human psychology – I think that MBWA is a perfect approach to learning what’s really happening in our organization. Walk around and listen carefully to uncensored comments from the people who are simultaneously trying to get their work done and to maintain information security. Then take action to fix the problems you find.

As a bonus, you get to tone up your legs, improve your blood pressure and use up the calories from that muffin you just ate.