CISO Lessons Learned – Technology Makes a Bad Process, Bad Faster
In one of my early management roles, I naively thought that I could take a shortcut by buying a tool to skip a process redesign. My team was responsible for a process that was troublesome and had weak metrics. My team identified a vendor who promised to solve all our problems. My team explained that the methods were inconsistent; we didn’t have consistent points of contact; we had multiple inputs and outputs, and so on. Purchasing this technology seemed like an obvious choice, and I’d save my team the time of having to do process design with input output and processing diagrams. Months after buying the tool, we were getting results the same adverse outcomes, but much faster. I had put myself in a bad situation as I had spent the money and now had to go back and do the step I should have taken in the first place. Luckily, it wasn’t a significant expense, and we were able to recover. If I had gone with my instincts, I would have come out with much better results and save my company and team time. Now, I always start with reviewing the process, understanding the inputs/outputs, and processing steps before I look at bringing in technology. If the process is optimized and the results are consistent, then it’s time to look at existing technologies or bringing tools onboard.
The key lesson is that applying technology or automation to a poorly or improperly designed process doesn’t get you anything other than bad results more quickly. Take the time to do the pre-work, and you’ll save your team time and frustration.