Today, I am going to show you a method that you can use to build a highly successful security program in under 30 minutes a day – the calendar carving method.
This is a process that will help you be hyper-focused on achieving your security goals.
The cybersecurity problem
If you are responsible for the information security at a small or mid-sized organization, that’s likely not the only responsibility that you have.
And I don’t have to convince you of all of the unique struggles that small and mid-sized organizations face – little IT budget, lacking team members to keep up, and one of the toughest – never enough time.
It likely seems that no matter how much time you spend trying, you can never catch up with the TO-DO list or the WANT-TO-DO list.
Does this sound familiar?
If so, keep reading because I’m going to show you a method for creating hyper-focused time blocks that will allow you to make drastic headway on your security tasks.
The calendar carving method
I call this method the calendar carving technique because you actually carve time out of your already-full calendar to address a specific issue – in our case security.
Here’s how to do this:
Step 1: Select Days
Begin by selecting one to three days a week that you will dedicate to security tasks.
Take Monday, Wednesday, and Friday, for example.
Now, for each of these days, pick a time slot of 30 minutes that you will dedicate to your information security program.
The time that works best for you will likely differ depending on your organization.
Here’s one trick that may work –
If you have a one hour lunch break, try taking your lunch 30 minutes early.
That way, when you get back, most people will be gone.
Those who are running late will be on their way out as well.
Again, pick this time slot based on when you know you can actually get some quiet time.
Step 2: Get quiet
Make sure your quiet time is actually quiet time.
Studies have shown that we can be more productive when we focus on tasks for short time-blocks.
So, when your 30-minute security slot rolls around, make sure that the 30 minutes is actually dedicated to security actions – not “researching” or other things.
Turn your phone to silent; I like to leave it in another room or put it in the drawer so it’s not a distraction – you know – that important LinkedIn message, right?
Next, close your email application
They can wait for 30 minutes.
One final thing that can deter walk-ins is close your office door.
If you’re in an open space, put on headphones.
Then, should someone walk up to ask a question, they’ll most likely respectfully turn around and come back later.
Step 3: Monthly days
Once you have your security day slots booked, it’s time to set up a monthly slot.
Pick one day a month that you will dedicate the entire afternoon to security (maybe morning for you).
Then, when that afternoon comes, take the same steps as you did for the day slots to ensure that you aren’t distracted or sucked into other tasks.
Step 4: Quarterly days
Schedule one or two consecutive days every quarter that you can focus on security tasks.
These days work well for tasks that require more time or require down time for the organization.
For example, if you need to build network segmentation for the HR department, working on say a holiday or Saturday/Sunday combo might work best.
If you begin carving these 30 minute hyper-focused sessions out of your calendar, I guarantee that you will begin making rapid progress.
Outside of your security-focused slots, begin making a list of the tasks that you need to complete.
There are many tools for this – Sharepoint tasks, Trello, Monday, etc.
But have a list of the things you need to complete broken into micro-tasks – tasks that can actually be accomplished in 30 minutes or less.
That way, when your security focused slot comes, you can begin completing tasks.
So, that is what I call the Calendar Carving Method for building a security program.
Tomorrow, I am going to tell you about a security design that you can begin implementing in your security slots that will drastically reduce your attack surface.