Pioneering critical thinking, systems thinking and 
industrial-strength design thinking for cybersecurity

Cyber pros need to respond to increasing incidents and costs
Forensic and root cause analysis reveal most breaches are self-inflicted.
Caused by structural flaws wrongly designed into cybersecurity methods.
There is a better way.
Proven and practical methods create better work life and safer world for us all.

What questions do you most need to answer? 

  • What is symptom and what is root cause?
  • Why is danger increasing, including to personal safety?
  • Why is improvement so difficult, especially organizationally?
  • Why are cyber pros burned out?
  • Why is cyber left behind compared to innovation and learning in other disciplines?

What most hurts your progress?
 

  • Rising threats & attacks
  • Rising cost of people and tech
  • Uncertain outcomes

More...

  • Silos within "the business," IT and cyber
  • Mistrust and infighting across silos and people
  • Constrained resources
  • 5000+ point products, "expense in depth"
  • Hamster wheel futility
  • "Group think" conformity to fuzzy "standards"
  • People stress and burnout
  • Work-life conflict

Consider... are the above symptoms or root causes?

Symptoms.

What does forensic systems and root cause analysis reveal?

Cyber math and methods are structurally flawed due to errors that are designed into "standard" methods. It is like a structural flaw in an apartment building that was caused by a design error. Fancy decor cannot fix the structural danger.

Structural flaws flow from faulty assumptions. 

For example, is the assumption true that cybersecurity lives in a linear stable system like financial accounting? NO. Cybersecurity lives in a complex dynamic, often chaotic and highly adversarial system.

False assumptions lead to errors in math and method, data and measurement, and selection and use of point products -- leaving "expense in depth."

Method errors hurt cyber pros -- causing stress and work-life damage.

Cyber is a "wicked problem" (as described by Rittel and Webber).

More tech point products cannot solve the real problem in the real system.

Cyber pros need something more, especially...

When your needs are to...

  • Implement stronger strategies -- authentic Zero Trust
  • Accomplish business objectives
  • Avoid waste
  • Avoid incidents
  • Influence organization dynamics
  • Attract top talent
  • Give your team, your family and yourself wins
  • Achieve work-life balance

By

  • Realizing system reality
  • Fixing structural flaws at root cause
  • Redefining how we work
  • Implementing authentic Zero Trust

Your needs 
are are our mission at 
Think.Design.Cyber

  • Pioneering industrial-strength design thinking for cybersecurity
  • Pioneering cyber-domain specific coaching for people and leaders of diverse high-performing teams
  • Outcomes Accelerator Workshops for 6 months of work in 6 weeks
  • Solution hack-a-thons

Bringing proven innovation action to cyber

Better work-life balance and safer world

Putting people in the center of cybersecurity

Design started thousands of years ago.
Design thinking started a century ago.
Design thinking for cybersecurity we started over a decade ago.

Cyber forensics force asking,
"What did we miss?" and "Why did we miss it?"

Investigations are at least uncomfortable, if not ugly. As are:

  • Root causes ignored
  • Cost of damage control
  • Cost of wastefully complex security apparatus
  • False sense of security
  • Painful feeling of running faster yet falling behind

(Learn more about where cyber forensics led us in "The Story.")

Start by exploring 4 questions:

  • What is design thinking?
  • How does industrial-strength design thinking bring something different to your needs?
  • How does industrial-strength design thinking solve root causes cybersecurity?
  • What powers industrial-strength design thinking as a force multiplier in your organization?

Don't wait for security incidents and forensics:

What is design thinking?

Design thinking is thinking like a designer -- innovative problem-solving
 

Observing how people behave to discover what people might need or desire from a new product.

Design in art, architecture, clothing, food and more flourished for thousands of years. Design became formalized into schools of thought.

Design thinking formalized thousands of years of design in art, architecture, clothing and food. Then into psychology, sociology, anthropology, biology and more.

In business, design thinking has been applied in diverse products including autos, home appliances, consumer electronics, manufacturing and processed foods.

Design thinking informs the user experience in human-computer interface by blending storytelling with ease of using computers. 

Industrial-strength design involves four broad applications: style, usability, serviceability, and manufacturability.

How can we apply industrial-strength design thinking to cybersecurity? Read on...

How does industrial-strength design thinking bring something different to your needs?

If design thinking is already used in your company, then you’ve already witnessed the success in breakthroughs in new products, operations, marketing, customer service and more. As a consumer, you've benefited from design thinking.
 

Design thinking starts with challenging established norms (called paradigms, frames or perspectives in design-speak). It asks…

  • Are those still effective?
  • Were they ever?

Challenging and "breaking the mold" 

  • In art, architecture or fashion, challenge is to trend-set
  • In business, the challenge is to discover unrealized buyer needs and desires become new product opportunities
  • In cybersecurity, challenge is to reveal threats and vulnerabilities (including those caused by "trusted doctrine"), and reveal smarter ways to reduce your attack surface.
  • In military, challenge is to save lives in combat and more easily achieve mission

Design thinking realizes that:

  • Cybersecurity is not linear or static -- like diagnosing the cause of a dead battery in a car
  • Cybersecurity, like cars, is more than: secure engineering an individual part to a design, designing tools used in secure engineering, or designing a secure engineering process
  • In a dynamic, chaotic system, success comes from thoroughness and speed of thinking, learning and adapting -- like an off-road auto race


Asking these questions has led to amazing new products you've experienced in appearance plus ease of use, manufacture and service. From easier websites to delicious food to stylish clothing to engaging car dashboards, it’s all about design.

Design thinking is all around you.

Curious about design thinking in cybersecurity? Read on…

How does industrial-strength design thinking solve root causes in cybersecurity?

Design thinking is proven and practical across disciplines. In cybersecurity, consider...

For you as an individual, it gets you off the gerbil wheel -- for starters :). 

  • This starts by separating the structural flaws of cybersecurity from the implementation flaws
  • Then focuses structural flaws (e.g., wrong use of "controls")
  • Running faster on a gerbil wheel to fix implementation flaws without first fixing structural flaws won't get you anywhere.
  • This is a lifesaver! (Your family will thank you too!)

For your organization, this:

  • Helps avoid self-inflicted wounds (incidents and breaches) due to structural and implementation flaws
  • Increases resilience, especially by dovetailing systems thinking and asking, "How does it work?" and "Why does it work that way?"

Because organization methods that you are required to use fail to realize:

  • The magnitude of change, complexity and fatigue -- catalysts of risk
  • That cybersecurity is a dynamic, chaotic system -- requiring "emergent practice" ("best practice" only works for stable systems)
  • That divergent thinking is needed (convergent, siloed, group thinking invites security breaches)
  • That "frameworks" -- by being freezing learning in the past and fencing out iterative learning -- become the self-inflicted cause of security incidents and breaches.
     

Dozens, maybe hundreds of design tools are now available to the designer to revisit assumptions and discover.

But, not all are industrial-strength.

What design tools are needed? 

For the answer, read the next Q&A…

What powers industrial-strength design thinking as a force multiplier in your organization?

Industrial-strength design thinking is a rich set of tools catalyzing spectacular successes. Yet, there is more to fashion design than a color pallet.
 

For success, also needed are…

  • A process that embeds design in the lifecycle of a product
  • In business, this is New Product Management
  • To make New Product Management successful requires organizational change
  • Systems thinking to understand the "how it works" that enables "Why?" and future "What if?" questions to be asked and to discover root causes and real (not superficial) problems. Asking and learning enables "because..." answers. Like Cyber Forensics, but before a breach.
  • These "What if?" scenarios are robust and life-like as in novels or films, unlike the limited scenarios of typical risk management
  • To bring together the mix of humanities and sciences that has propelled the success of design thinking requires “diverse, diverse high-performance teams.” “Diverse, diverse” means diversity in ways that are both visible (e.g., gender and ethnicity) and invisible (thought and life journey). This is because – especially in deeply specialized disciplines like cybersecurity – diversity can hide group think and conformist adherence to “trusted sources.” Fake diversity. Meaningful diversity is needed.
  • Coaching in context of cybersecurity – not just general leadership. Instead, individual coaching for individual people specifically in context of cybersecurity and business outcomes. This is similar to individual coaching in a sport or musical instrument.

Now you know the answers to the four questions.

Are you feeling empowered by this insight? 

At least, are you curious to learn more? 

Are you an active learner by nature?


To discover more about how these insights can make your job (and life) easier, better protect your organization and make our world safer from adversaries, you are welcome to explore the "Learn More" page and join in this initiative. 


Sign up on our Contact Page to receive…
 

  • A welcome package with the next layer of insight
     
  • Notification when registration opens for an online intro to design thinking for cybersecurity

Scroll down for a bonus...

Bonus: What is unique about Think.Design.Cyber?

If you've read this far, you'd probably like to know that:

Think.Design.Cyber is different because it draws on the entirety of proven and practical industrial-strength design thinking:

  • New product lifecycle in appearance/style plus ease of use, manufacture and service. Then to generations of product renewal until retirement -- "whole-life" design.
  • Four types of industrial-strength designer-user conversations
  • Designing diverse, high-performance teams so cybersecurity design success is easier
  • Challenging existing paradigms/frames/perspectives/doctrines. This mirrors use in military. Of course, military has been a source of inspiration for cybersecurity pros.

Think.Design.Cyber is in sharp contrast to limited uses of design in tech and cybersecurity: 
 

  • User Experience (UX) – using design tools to 1) help prevent user actions that lead to an incident or 2) design security “controls” for ease of use
  • Include security earlier in software development

Think.Design.Cyber goes beyond design to draw on insights from critical thinking, systems thinking, New Product Management and organizational change. This is to achieve:
 

  • Scale beyond design the conversations that are focused on identified users
  • Efficiency and effectiveness in project management
  • Change that sticks” beyond the tenure of an initial design champion

© Copyright 2010-2022. All rights reserved. ValueBridgeAdvisors, LLC