In my last blog, I shared the progress we’re making toward building the Cisco Security Cloud, an open, integrated security platform capable of tackling the rigors of securing highly distributed, multicloud environments. This was an honest assessment of what we have achieved and celebrating our significant accomplishments, moving the needle forward on our vision. I want to share how we approach our research, development, execution and what are our core principles to driving innovation at scale.
In any large organization with a diverse enterprise-grade portfolio varying in adoption levels, solution longevity, and product category maturity, you will find the need to continuously look for ways and means to drive efficiency and excellence. We are fortunate to have loyal customers who trust that with Cisco, they can both secure and manage risk to their organization. Our focus has been to meet customers where they are, and that involves delivering security solutions in various form factors and platforms for a hybrid, multi-cloud world.
To do this, we are evolving our engineering organization to deliver on ambitious goals through higher levels of agility. Agility requires the courage to break down organizational silos and embrace the notion of failing fast and learning even faster from those failures. But engineering organizations like ours also have our “day jobs” with the reality that constantly changing customer and business environments can wreak havoc on engineering roadmaps. This leads to the inevitable difficult decision on whether to focus on the backlog of customer-requested features, versus delivering new, innovative features that move the industry forward.
Another way to say this is that as much as engineering organizations strive for agility, we have to be cognizant of how much our customers crave predictability in terms of their security operations and feature delivery from vendors like Cisco. Let’s look at this from the lens of a customer-impacting factor that may make security operations less predictable: security incidents.
- According to our 2024 Cybersecurity Readiness Index, 54% of organizations said they have experienced a cybersecurity incident in the last 12 months.
- The latest Security Outcomes Report shows preventing incidents and mitigating losses are the top priorities for security resilience overall.
These numbers are meaningful because cybersecurity is a critical part of any business and part of business resilience plans, which can involve public disclosures. Cybersecurity is also in the line of critical operations functions and can be a cause of major disruptions for the entire business when it fails. So, that is the high-stakes nature of the balancing act we have in front of us with one end of the see-saw being our desire to achieve agility with the other end being our responsibility to our customers to be predictable in their security operations, which are becoming ever more critical in the viability of their businesses.
A pragmatic approach to balancing agility and predictability
Leading a large engineering organization in charge of one of the broadest security product portfolios has challenged me to think about this critically. There are many ways to balance agility and predictability, but we’ve been able to distill this down to a pragmatic approach that I believe works best for us.
Careful short and long-term planning.
This is a critical step that provides the framework for building an engineering org that is both agile and predictable. It starts with iterative planning that allows for reviewing and adjusting plans based on market feedback and changing conditions. This includes meeting shorter-term commitments and regular updates to maintain customer confidence while allowing for adjustments. We also use agile retrospectives and adaptive planning to ensure forward progress and our ability to incrementally improve.
Resource allocation and ruthless prioritization play a key role. We achieve this through segmentation and portfolio management, segmenting a product portfolio into different categories based on levels of predictability and innovation. We exercise scenario planning for risk mitigation and management, developing scenarios that explore different market conditions with strategies for responding to ensure we make informed decisions in uncertain conditions. This helps us identify and mitigate risks that may impact our agility and predictability, account for potential disruptions, prioritize appropriately, and manage expectations.
Clear and consistent communication.
One of the most important aspects of this is the need for clear and consistent communication. As leader, it is my responsibility to clearly articulate the benefits of agility and explain the steps we need to take to ensure the predictability and delivery needed for stable operations. My philosophy is that shared outcomes involve “shared code” that results in a platform-centric development approach and an inner source execution model that allow for acceleration of feature development and delivery velocity.
An org culture willing to adapt.
Even the best of plans will fail without capable people who can and are willing to execute on them. For us, this involves an on-going evolution across our large, highly distributed engineering organization to foster a culture that values both agility and predictability and aligned with one of Cisco’s core values: accountability. A few of the ways we’ve seen success are by:
- Encouraging cross-functional collaboration and open dialogue about the challenges and benefits of both approaches.
- Ensuring leadership is aligned with the organization’s approach to balancing agility and predictability.
- Creating opportunities, like Hackathons, to fail fast and learn even faster, explore the art of the possible, and to dive into technology to solve unexpected challenges.
- Ensuring consistent messaging and support for team members.
Effective processes, not bureaucracies.
Processes often get a bad rap because they are often associated with bureaucracies that can hinder speed and progress. But processes are critical to make sure we’re executing our plans in the intended ways with the ability to measure progress and adapt as necessary. In our goal to balance agility with predictability, we have implemented some specific aspects to processes that work best for us.
- We blend agile methodologies with more traditional project management approaches (e.g., agile for new features, waterfall for foundational infrastructure). Our processes allow us to take a “dual plane” approach to innovation with one plane focusing on predictable, stable delivery while the other explores innovative, experimental initiatives.
- As the aphorism goes, “you can’t manage what you can’t measure”. We have implemented an outcome-focused approach toward metrics that shifts the focus from output (deliverables) to outcomes (business value). This allows us to demonstrate how agility enhances the ability to deliver value quickly and adapt to market changes, solving some of the toughest challenges for our customers.
- We take a customer-centric approach in all things we do. This means we use customer feedback and market insights to prioritize and guide innovation efforts. This includes dedicated customer advisory boards, and programs built around the voice of our customers like NPS surveys. This helps ensure that agility is directed toward meeting customer needs and not innovating for innovation’s sake.
Our processes involve adaptive governance and continuous learning that accommodates both agility and predictability. This includes providing guidelines for making decisions in dynamic situations, continuously assessing what’s working and what’s not, and encouraging a learning mindset and adjusting strategies accordingly.
Innovating to win
Taking a customer centric approach to all things we do, we’ll continue focusing on the breakthrough successes that showcase our ability to be both agile and predictable to meet market demands and deliver customer outcomes. One example of this is how we, as the official cybersecurity partner of the NFL, helped secure this year’s Super Bowl that was the most watched telecast in this game’s history. We also continue our incredible work with AI and Generative AI like the Cisco AI Assistant for Security to simplify policy, and AI-enabled security operations through innovation for both AI for security and security for AI. When we strike the balance of agility and predictability, we innovate to win.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
Cisco Security Social Channels
Instagram
Facebook
Twitter
LinkedIn
Your insights on balancing agility and predictability in cybersecurity engineering are inspiring. As we navigate the complexities of AI in security, your approach is invaluable. I’m particularly excited to delve deeper into Cisco’s AI-enabled security operations and discuss how we can ensure responsible AI use while maintaining agility and predictability.