Welcome to the SecAware blog

I spy with my beady eye ...

29 Jul 2021

Pinball management


It could be argued that ‘management’ of all kinds (including information risk and security management) is or rather should be a rational process, meaning that managers should systematically gather and evaluate information, take account of sound advice, make sensible decisions, put in place whatever is necessary to implement the decisions etc., all the time acting in the organization's best interests, furthering its business objectives, strategies, policies etc.

In practice, there are all manner of issues with that approach that complicate matters, frustrate things, and lead to ‘suboptimal’ situations that may be - or at least appear to be - irrational, inappropriate or unnecessary. 

In particular, there are numerous paradoxes. For examples:

  • The obvious core objective of a typical commercial company to make a substantial profit for its owners may conflict with various ethical and legal objectives to spend money on protecting and furthering the wider interests of society and individuals - including their privacy. 
  • There's a fine line between motivating/supporting/encouraging/directing and demotivating/micro-managing/exploiting employees. 
  • Efficiency in most matters comes at the cost of effectiveness, and vice versa. They say quality is free, but is that a lie? 
  • Locking secrets or other valuables in a vault limits their utility and hence practical value, but releasing them puts them at greater risk of theft and illegitimate exploitation.
  • There is literally no end of potential investment opportunities, but finite resources to invest, plus unavoidable costs of simply being in business.
  • Bonuses may be achieved selfishly in the short term by sacrificing the long game, presenting social and ethical challenges that are difficult to counter. 

Faced with all that and more, it occurs to me that corporate management is a bit like pinball. Managers are:

  • Identifying and hopefully hitting the targets that score points while simultaneously avoiding various static and dynamic hazards, some of which come out of left field;
  • Using and refining whatever techniques and resources are available, perhaps nudging the table tentatively or finally getting the hang of that cool ball-spinning back-flip maneuver;
  • Coping bravely with the challenges and setbacks, while also creating/engineering and taking advantage of opportunities that arise along the way.
As with the pinball table in play, there’s a lot going on in and around any organization, of any size. [Senior] management’s high-level perspective and involvement extends across the entire enterprise, while most individual [mid-level and junior] managers tend to be focused on and able to deal with just part of it, and staff are mostly heads-down, slogging at the coal face, creating actual value: it’s a team effort.

Experienced managers appreciate that things don't always go to plan. Where possible, they prefer to retain their options and flexibility as long as practicable, and yet making real progress on almost anything requires commitment and decisive action, collapsing those options to a much smaller subset.  

No comments:

Post a Comment