Managing the Chaos
Most people who know me well are aware that my life is extremely multithreaded. In addition to working full time in the cybersecurity profession, I also run my own business and sit as adjunct faculty at several universities. Despite this level of activity I still find time for family and to exhale from the chaos regularly.
Recently several of my colleagues have asked me for my “secret” to running a multithreaded life without going insane. After putting some thought to my scheduling habits, I’ve realized that it comes down to four essential practices that I’d like to share with you here.
#4: The Big Rocks Theory.
Most of us have heard Covey’s “Big Rocks” Theory of time management; if you haven’t you can find a video about it here. Simply put, the Big Rocks Theory reminds us that the only way to make everything fit within a busy life is if you put the Big Rocks into your schedule first. The theory challenges us to define what those Big Rocks are in your life and to make them sacrosanct in your schedule. Whether it’s vacation; exercise; meditation, family time; or simply just an hour to yourself every week or so, make your Big Rocks the first thing that you schedule and keep them as immovables in your week. In the long run, you will be healthier and happier.
#3: Set and Communicate Your Boundaries.
Security professionals often feel like the weight of the world is on our shoulders; as such, we have a difficult time shutting off and/or walking away from our duties. This leads to stress, burnout, and potential family challenges.
Many years ago I learned to place limits on my schedule and my availability. These boundaries are always straightforward, and would depend upon my role within the organization. For example, my boundaries as a security consultant are that I stop work NLT 6pm on Fridays and do not answer queries (phone, email, etc) before 8pm on Sundays. When I was a CISO for a global company, my boundaries were a bit more intricate and included the following additions:
I don’t take meetings that start before 8am or end after 6pm, except to accommodate a global audience
When I take vacation, I shut down completely. My team is trained and authorized to speak for me in my absence
I don’t look at emails or other electronic media after 8pm on weeknights or during the weekends. If it’s an emergency, my cell phone is always on.
Setting boundaries - and communicating them - helped me (a) to avoid inundation by the operational minutia of my job so that I could think strategically; as well as (b) get some well needed downtime. It also had the secondary benefit of letting my team know that they could also set their boundaries and expect them to be respected - which relieved some of the stress associated with our profession.
#2: Never Double-Book Yourself.
I freely admit that this is a pet peeve of mine.
Some people think of double booking as a way to maximize their time and efficiency; I disagree. Double booking assumes that the one (or both) of the people you are meeting don’t understand the true amount of time they need from you. This assumption, in and of itself, is rude. It assumes a lack of competency on the part of the scheduler and results in short-changing either one or both of the overlapping meetings.
My calendars (all five of them) are sacrosanct. I don’t book back to back meetings inorder to leave time to transition between venues, and I never double book. Further, once you’re on my calendar your meeting is the priority for that time slot. Only a small handful of people get to change/move a meeting on my calendar; they start with my family and my boss (in that order) and move up my reporting chain to the CEO. If my presence at a meeting is “vital” then I do not believe it to be unreasonable for me to expect that (a) the requestor find a time within my schedule that respects my commitments and scheduling boundaries; or that (b) the requestor indicates the priority of need to my chain of command so that I can adjust my priorities accordingly.
#1: Email Zero.
I saved the best habit for last.
Most of us tend to use our inbox as a “to do list." I have found it both useful and cathartic to get my email down to zero at least once every two weeks. Not only does this ensure that lingering action items actually get addressed on a periodic basis, but the feeling of an empty email inbox can allow for a moment of exhale and a sense of accomplishment that can be more relaxing than yoga or staring at the ocean. As a CISO I would average 300-500 emails entering my inbox daily; it would take me leaving the office and going offline for 4 hour a week to guarantee Email Zero but I did it religiously. In my current multithreaded life (which includes full time employment on the CISO staff of a Fortune 500 company) I manage nine email inboxes; as we speak, there are a grand total of twelve emails across those venues that I need to address in order to get to Email Zero this evening.
* * * * *
As you can see, there are no silver bullets or magic potions here; these are just habits that I have found useful. See which ones make sense for you and integrate those into your life. You won’t be sorry. My two cents…