I Used to Hate ‘The Phoenix Project’ Until I Realized It Was About Me
I saw a recent post from Gene Kim on his upcoming book Beyond The Phoenix Project, and it reminded me about a conversation Gene and I had before the publication of The Phoenix Project. Here’s the conversation Gene and I had before the release (as memorialized in this IT Revolution blog post)
“When I first read The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, John made me angry. As a 20 year security veteran, John’s [the CISO in the book] totally selfish ‘my way or the highway’ attitude actually made me physically mad. Who did this guy think he was anyway? Why was Gene painting the infosec practitioner in such an unflattering light?
After finishing the book, I took a moment to look back on my career. Thinking of all of the people like John who I’d run into and worked with over the year I realized, with a little bit of terror, why I hated him so much.
Before I studied Visible Ops and DevOps, I was John.
It wasn’t until 2004 that I truly internalized that security is a part of the business, not against it. I didn’t want to see that pre-2004 self described in print so vividly. Gene, Kevin, and George have really hit it on the head. In order for IT and the business to succeed, we’ve got to realize that Security and the rest of the company are not at odds. It’s crucial that we learn to work together.”
I was lucky that I got to read the chapters and offer input as the authors were writing, but that also led to me having to wait weeks in between chapters! Every time a new section was in draft, I kept wondering why the authors were making Information Security practitioners look so bad. We had just finished writing Visible Ops Security a few years before, and I thought he understood the function. After seeing all the chapters in the pre-release copy, I saw that Gene, George, and Kevin were documenting what they saw from their many years of experience. It’s tough seeing all the wrinkles in the field that I have dedicated my career to. To grow and continuously improve, we must step back and make sure that we are the security professionals we want to be. We are part of the business and are here to help all parts of the organization to reach its goal.
I’m looking forward to this and other installments of The Phoenix Project.