Cybersecurity Value — Embrace the Suck

In American military circles, there exists a term “embrace the suck”. It means to consciously recognize and accept that something will be extremely unpleasant so as to not let it discourage from pursuing the best path to success. It is often characterized as a situation that is misleadingly easy in appearance from an outsider’s view, but extraordinarily difficult in practice. It forces operators to optimize their situation, knowing it will never be comfortable, and pushing through anyway. With this mindset, professionals are driven to follow the best path, fully knowing it will be very difficult, and not concede to find the less productive but easier course.

For cybersecurity, measuring our value is this friction that we must contend with. The effort to do it right and achieve sufficient accuracy simply ‘sucks’ to accomplish. But without showcasing value, investment and empowerment will wither, thereby undermining the security organization’s capabilities to protect and enable the business.

Calculating security value is an extraordinarily difficult ask that unfortunately dissuades many…