Operational Professionalizing vs Proceduralizing
As a Security Operations team grows and matures, repeatable outcomes and standards become increasingly important over time. It’s natural that many kinds of work which were once ad-hoc begin to need defined procedures. Perhaps the company becomes covered by a regulation which requires these specific procedures to exist, or perhaps management has aligned itself to a framework which recommends them. Whatever the reason, as a result, the team begins writing playbooks, processes, and holding themselves to account for following those. But what happens when this effort goes too far past professionalizing the team and becomes proceduralizing? As a long-time volunteer Fire & Rescue responder I have been in close contact with professional responders for decades. Years ago I heard from peers about a pilot experiment to improve patient outcomes for Emergency Medical responses. Each medic was given an iPad with patient-tracking software on it. The idea was that, on scene and en-route to the h