Ms Dixon and I left Lord Todd and were ushered by our friendly neighbourhood bodyguard in to another reception room. This had desks and whiteboards and phones and other purposeful looking equipment. I crossed to a notice board and pinned up the summary of my analysis so far. Ms Dixon followed me and read it.
This is an odd phase of my job: people think this is when the work begins – but for me the work began walking up the wet driveway observing as much detail as I could and trying to fit it in to the whole picture. Then the important decisions were made with Lord Todd during our initial “discussions” and there had been hard choices made about objectives (exactly what he wanted from the work I was to do for him) and scope (what I was and was not to do, who I could work with and who not, what information I could use and what not, and so on).
So now I had agreed with my employer what he wanted and how I would go about delivering it, now it was time to form a plan to execute the scope of the work to deliver the deliverables. So hopefully you can see that a lot of work had already been done and the stuff that mostly decided the success or failure had already been resolved. All that was left to do was follow through on that work – not (I repeat) starting to work.
“Interesting,” conceded Ms Dixon at last, commenting on the analysis summary I had pinned up, “but obvious.”
Yes, well, magic tricks are obvious once you know how they are done. And what I had done with Lord Todd had been pure magic.
Arrogant? Me?
“Ok,” I began brightly. “What we need is a plan.”
“Fair enough … and easy enough. I’ll get the security recordings and review, you interview whoever was around at the time, then we can put the 2 sets of information together. After that I suggest a risk-based set of penetration tests on the security measures and then we can build a matrix of penetration test results to security component. We can prioritise fixes and cost them up and present to Lord Todd. Oh yes, we should also double up guards while we investigate especially round the outside and perhaps they should have infrared motion activated cameras. There are some new high resolution ones that can even reconstruct colour I’ve been meaning to try….though getting them will be a challenge I can tell you: there are only 2 suppliers and they are both German. Do you speak German?”
“Ok,” I said again, more slowly. “What we need is a plan.”
You see, the thing is, people like to talk, and they like to talk about what they are most interested in. And what they are generally not interested in is methodical planning – the only thing they are less interested in is analysis.
This is an odd phase of my job: people think this is when the work begins – but for me the work began walking up the wet driveway observing as much detail as I could and trying to fit it in to the whole picture. Then the important decisions were made with Lord Todd during our initial “discussions” and there had been hard choices made about objectives (exactly what he wanted from the work I was to do for him) and scope (what I was and was not to do, who I could work with and who not, what information I could use and what not, and so on).
So now I had agreed with my employer what he wanted and how I would go about delivering it, now it was time to form a plan to execute the scope of the work to deliver the deliverables. So hopefully you can see that a lot of work had already been done and the stuff that mostly decided the success or failure had already been resolved. All that was left to do was follow through on that work – not (I repeat) starting to work.
“Interesting,” conceded Ms Dixon at last, commenting on the analysis summary I had pinned up, “but obvious.”
Yes, well, magic tricks are obvious once you know how they are done. And what I had done with Lord Todd had been pure magic.
Arrogant? Me?
“Ok,” I began brightly. “What we need is a plan.”
“Fair enough … and easy enough. I’ll get the security recordings and review, you interview whoever was around at the time, then we can put the 2 sets of information together. After that I suggest a risk-based set of penetration tests on the security measures and then we can build a matrix of penetration test results to security component. We can prioritise fixes and cost them up and present to Lord Todd. Oh yes, we should also double up guards while we investigate especially round the outside and perhaps they should have infrared motion activated cameras. There are some new high resolution ones that can even reconstruct colour I’ve been meaning to try….though getting them will be a challenge I can tell you: there are only 2 suppliers and they are both German. Do you speak German?”
“Ok,” I said again, more slowly. “What we need is a plan.”
You see, the thing is, people like to talk, and they like to talk about what they are most interested in. And what they are generally not interested in is methodical planning – the only thing they are less interested in is analysis.
