Not too long ago I had a customer, “Joe”, explain to me how he overcame organizational challenges and got his network team to operationalize the findings from RedSeal.
Joe started by taking advantage of RedSeal features that can be leveraged immediately upon deployment, such as the Best Practice and STIG checks. He generated a report and sent it over to the transport team, convinced that they would recognize the findings’ importance and promptly start remediation efforts.
Unfortunately for Joe, the transport team was busy with their own operational tasks, and he’d just dumped a phonebook worth of problems in their lap. The first issue they had: More work! More importantly, they had no idea where the data came from and didn’t trust its accuracy. They reacted the same way the people I’ve worked with did; they ignored it. They had to focus on their own priorities. It’s hard to justify overriding operational or mission requirements with new (not mandatory) tasks.
Joe is not the type to be ignored or take no for an answer; he chose another tactic. He printed three high priority findings and personally showed them to the most receptive network team members. He didn’t present the findings as issues that needed immediate attention but instead, he asked for help in verifying the findings. They reviewed the three findings, validated them as real issues that needed immediate resolution, then thanked Joe for sharing them.
A few days later he did the same thing with the same result. After weeks of this, the network team came to trust the findings and wanted to know where they came from. He told them it was RedSeal, and they jumped at his offer to have the reports automatically emailed to them. They wanted to learn what else RedSeal could provide.
What I learned from this is if you want to gain acceptance, you can’t just dump mountains of work on an unwitting team that is already over tasked. You have to slowly gain their trust a little bit at a time. Show them that you’re really on their side and not there to tell them they are doing things wrong. Once they have confidence in the data, they will ask for more. Once they gain trust in the results, they will operationalize it into their own workflow as a willing participant… rather than a reluctant recipient.