January 2, 2018 By Kevin Beaver 3 min read

Time is the scarcest resource we have as IT and security professionals. There are only so many minutes in each day to get things done. At the root of many security incidents and breaches is poor time management on the part of those tasked with getting the work done and preventing the breaches to begin with.

I certainly don’t envy information security administrators, managers and executives. With all the distractions of day-to-day business and constant interruptions by outside parties, it seems that there’s never enough time to focus on the big things — that is, until they’re made a priority.

Make ‘Back to Work’ Your Mantra

The older I get and the more patterns I see in security, the more I’ve realized the wisdom in what Jim Rohn once said: “If you really want to do something, you’ll find a way. If you don’t, you’ll find an excuse.”

I’ve witnessed and heard about some of the best professionals in this field getting distracted by new, shiny projects and technologies, and pushing aside the less exciting aspects of security. The good news is that it’s human nature to be drawn to something new. The bad news is that avoiding these distractions requires discipline. Therein lies a gap that creates the basis for many of the security challenges we have today.

The key to getting things done in security is to constantly ask yourself whether or not what you’re currently working on is the most valuable use of your time. I do that multiple times per day. If I catch myself getting distracted by my phone, social media or whatever — and I often do — I have found that repeating the phrase “back to work” a few times to myself helps me get back on track.

Urgency Versus Importance

To determine what is the most valuable use of your time is, you have to decide what’s most urgent and what’s most important. You’ll find many things that are urgent but not important, and just as many things that are important but not particularly urgent. You’ll also have other tasks that are neither urgent nor important. The key is to sharpen your focus on the areas that meet both criteria.

For example, documenting your security policies and updating your latest security standards are important tasks, but not urgent. The fact that a certain vendor just released an update to hardware or software that may or may not even be present in your environment might seem urgent, but it’s not necessarily important. However, if you haven’t performed vulnerability or penetration testing in the past six months, or if your development team hasn’t taken the proper steps to address the critical findings in your latest security assessment report, your resources should be focused in these areas.

Obviously, remediating known security threats, such as distributed denial-of-service (DDoS) and phishing attacks, should be a high priority. Ditto for major gaps around patch management, network monitoring and alerting, and awareness training. Make sure you’re making the right choices to prioritize whatever is considered urgent and important on your to-do list. The last thing you need is something urgent and important being ignored for so long that it brings your business — and possibly even your career — to its knees.

Set Your Goals for Time Management

Even though time management is such a critical aspect of the information security function, I’d venture to guess that most IT and security professionals have never taken a course in it. Study the concepts of time management and hold yourself and other pertinent parties accountable. Branch out and review your information security program goals. These goals are intertwined with how you manage your time and, ultimately, yourself.

Whatever needs to get done, dig in, get to work and commit to fending off distractions that are within your control. This one area of personal development can positively impact your security program in unimaginable ways.

Listen to the podcast series: Take Back Control of Your Cybersecurity now

More from Risk Management

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today