I’ve been really impressed by the exploration and resulting discussion of the fundamentals taking place in the Security Catalyst Community. Join the discussion: What are your “fundamentals” for security?

My quest for the fundamentals began initially considering the superstars of sports, and watching, then studying their routines. I’ve shared the fundamentals conversations with clients, friends and colleagues – and I love listening to the stories of how this applies to sports, to things like teaching children math and science… all of the different ways we connect, consider and distill. It’s not a surprise to me that we’re collectively struggling to develop a clear list of the fundamental building blocks of information protection.

The current list
1. Confidentiality, Integrity and Availability
2. Defense-in-depth
3. Least Privilege
4. Simplicity

(and we’re currently discussing a few others)

It’s important to note that the discussion of fundamentals quickly veers into discussions of “how-to” – which is the next step. Many of us are entrenched in the day-to-day operations, and discussing the how-to is ABSOLUTELY NECESSARY for us to distill down to the fundamentals. I know the progress may seem slow, but it’s clear to me that we’re making progress, and this is only the beginning.

The Value of Fundamentals – through Triathlon
I am registered for Ironman 2008 in Lake Placid, NY (July 20, 2008). While the goal is a long way off, it also requires me to start training now, after several years of being away…

When I was younger, I was a competitive swimmer, swim instructor, cyclist and active triathlete – and was fortunate to have good coaching that drilled the fundamentals into me, whether I knew it or not. Looking back, I didn’t know it then, but I certainly appreciate having those fundamentals drilled into me. A few weeks into my training, I am finding that my “muscle memory” is surprising… and that allows me to both focus on building up my endurance base, but also to focus more deeply on the fundamentals so that I am even more efficient and effective. At the same time, I struggle with “what I used to be able to do” as I focus my time and energy on relearning and mastering the fundamentals. I firmly believe that a simple training plan based on proper application of the fundamentals will help me reach my goal.

As such, my approach is to spend 8-10 weeks EXCLUSIVELY focused on fundamentals of swimming, cycling, running, nutrition and rest. The idea is to slowly introduce the right patterns and behavior that will guide the extended training and distance I will need to travel in the coming months (and years, since one certainly won’t be enough). I also am doing this while finishing my book, planning a campaign across America and launching some new assessment and awareness solutions — you guessed it — based on understanding and applying fundamentals.

I’m actually able to train in about 8-10 hours a week right now, which hasn’t impacted my business or my time with my children. In fact, I’m finding that I actually have MORE time and am more PRODUCTIVE in the time I do have. Weird, right?

So how does this relate to security and our quest for fundamentals? Well, I think studying other fields for their fundamentals is a brilliant and important approach. Not much new has been created, but there is plenty to learn from, adapt and expand on. I’m finding that by following the fundamentals in my tri training, I am able to be more effective with less risk. AH-HA!

If we want to be more effective with less risk, then we also have to make the time to learn, study and learn to apply the fundamentals. And we have to do this all the time. Even as my training progresses, I am seeking the advice and counsel of coaches, clinics and incorporating basic drills to help my body continually understand and apply the fundamentals. In the beginning, it sometimes feels slow – and that can be frustrating. As time goes on, we realize we can go further, faster – whether in physical pursuits, or in our careers.

The practice of security is no exception to this rule. I will continue to explore the parallels and will be writing about them, sharing them here and looking forward to learning from each of the contributors here … soon, we’ll have a compelling and impressive list. Don’t worry about the struggle… this isn’t designed to be a quick exercise. It’s going to take some time, but that will be an amazing pay-off.

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.
