I love reading the works of the achievement and leadership greats. Their words, some of which date back centuries, not only provide insight and motivation for my career, they also validate many of the challenges we face in IT and information security today. These ideas are great additions to my writing and speaking and they're also, arguably, the one shoe-in we have with management on the points we're trying to convey.
Here are some great quotes from some famous people that you might find beneficial to your situation, especially if you're having trouble getting buy-in from the higher-ups:
- "You can't talk yourself out of a problem you behave yourself into." –Stephen Covey
- “If you really want to do something, you'll find a way. If you don't, you'll find an excuse.” –Jim Rohn
- "To see what is right and not do it is a lack of courage." –Confucius
- "Errant assumptions lie at the root of every failure." –Alec McKenzie
- “The person who insists upon seeing with perfect clearness before he or she decides, never decides.” –Henri Frederic Amiel
- "In the absence of clearly-defined goals, we become strangely loyal to performing daily trivia until ultimately we become enslaved by it." –Robert Heinlein
- "You are the way you are because that's the way you want to be. If you really wanted to be any different, you would be in the process of changing right now." –Fred Smith
- "An amazing thing, the human brain. Capable of understanding incredibly complex and intricate concepts. Yet at times unable to recognize the obvious and simple." –Jay Abraham
- "Experience is valuable only if it's imbued with meaning from which one can draw salient conclusions. Otherwise, experience becomes imprisoning." –Barry McCaffrey
Here's one I know you can relate to:
- “Many executives are insulated from reality and consequently don't know what the hell is going on.” –James Champy
And here's my all-time favorite:
- "We can evade reality but we cannot evade the consequences of evading reality." –Ayn Rand
I hope these help you draw attention to and grow your information security program in a positive way. Consider using these quotes as part of your information security mission statement defining what to do (or not do) in your security program. As with all complex business matters, don't expect short-term perfection. Instead, aim for incremental improvements over time. It can be done…if you make it so.