For all three of my boys, wrestling has been around as long as they have. As long as wrestling has been around them, coaching has been around me. I volunteer and assist running the youth team in our town, and although all my boys have passed through the team, I think the lessons wrestling taught them were very important.
One such lesson is the “Pain of Discipline vs. the Pain of Regret”. The idea behind this is that if you work hard and show self-discipline in the wrestling room, you will not have to feel the pain of losing a match later on. It forces you to ask yourself, “is the hard work now worth the victory later?”
This summer both of my high schoolers have been going to practice everyday and understand that they have to work hard now to win later. They must cover all their bases to ensure everything goes smoothly down the line.
I’ve realized that information security works under the same focus. We don’t want to spend the extra time to think up a stronger password, backup files, convene an information security committee meeting, write policy or invest in a firewall. All those things are pain of discipline actions. It will hurt a little bit now but help us avoid it hurting a lot later.
And hurting later includes the greater of the two pains, the pain of regret. Like when we lose the key proposal or a customer contract to a bad sector on a laptop or server. Or when a client asks us to prove we have a security committee and follow whatever alphabet soup regulation they are accountable to. Or when our weak password is easily guessed and your business penetrated. Or when you have to terminate an employee for inappropriate behavior but can’t produce the policy he violated. Or when ….
So take the time to hustle in practice and work to win the match.
Take the time to invest in your future and endure the pain of discipline by considering information security’s role in your business and avoid the pain of regret that comes with the impact of a future predictable risk.