What are the best strategies for new technology leaders to propose & implement change at their organizations?

Try spending a week or two just talking to people without diving into the tech, and really hone in on the lay of the land, because even though you've arrived at what the answer may be in your head, there's another layer of validation in there, and there’s value in making sure you're hearing the story correctly before you dive in with a technical solution. And from the business perspective, being able to spit back what you've heard from the business in their language before you move forward with the technology will also be a powerful tool for you.

Anonymous Author
Try spending a week or two just talking to people without diving into the tech, and really hone in on the lay of the land, because even though you've arrived at what the answer may be in your head, there's another layer of validation in there, and there’s value in making sure you're hearing the story correctly before you dive in with a technical solution. And from the business perspective, being able to spit back what you've heard from the business in their language before you move forward with the technology will also be a powerful tool for you.
2 upvotes
Anonymous Author
Even though my role is IT and security, security is obviously the biggest hotbed right now for a lot of companies. Last year when the “new concept” was everybody on shift-left and InfoSec first, I said, “Where the hell have you been for the last 5-10 years?” I put the onus on the developers all the way through. As for the security component, I said, "I’ll give you an example of a top security company that was infiltrated from the backend, the code was checked in, it was compiled and it was delivered to the clients. And, the orchestration took a long time and it was a nation state effort, but guess what? That was SolarWinds."  If you're going to tell me that endpoint protection, VPN, etc., are not critical path items then I'll be giving my notice. You have to take into account every endpoint, every piece. A lot of that, in the security realm, is not assuming anything. It's culture.
1 upvotes
Anonymous Author
My previous role was at a 13-year-old startup as far as I was concerned, so it was a mad rush to get all the basic security stuff in place. I really took my time to really understand and make connections before I started making any changes because things had been the way they were for a while. It was also helpful for me to educate people who didn't understand how things evolved. They’d start out saying, “We've always done it this way.” But then I’d get people to admit, “Well, actually this wasn't my process. I inherited it and it's just what I do and maybe it's time to rethink it.”
3 upvotes
Anonymous Author
One of the CISOs I used to work with many years ago had a concept that security is the enabler of a frictionless ecosystem. So if you manage it correctly, you can pivot the conversation around the fight for change because you become the lead-in and can actually help support driving revenue if it's designed correctly. We're sort of at that point right now, because the more breaches that occur, especially in my line of business, I actually have to go in prior to the sales rep to explain how we'll secure this stuff. It's an interesting dynamic.
2 upvotes
Anonymous Author
Obtain buy-in by demonstrating end user experience enhancement. oftentimes we think from technology perspective but how will it affect users downrange that is the real question. If you involve them early enough and have their input into your proposed changes they will be much better accepted and executed vs. top down decision making or decision making where end recipients of said services have 0 involvement in their selection.
2 upvotes