Part 2 – From Problem Solving to Solution Design: Tackling Cybersecurity Leadership Issues Head On

In my previous introductory post, I shared an overview of a new blog series being launched here. This included why you may want to read this series. Here are more details about the structure of the series…


This series comprises this introduction and five articles covering each checkpoint recommended to leverage the existing embedded knowledge in your organization, following the “I.D.E.A.S. Framework” (Campos & Campos, 2018) as shown below:

Fig. 1-Intro. “I.D.E.A.S. Framework,” (Campos and Campos, 2018)

Here is a glimpse at what you will find in each article:

In Article 1: Identify, you will learn that before you do anything else, you must step back, reflect, and clearly define the fundamental problem you are trying to solve. I will use case studies to illustrate how to do this, including how to use the Five Whys Analysis Method, which helps isolate a problem’s actual root cause. I will also suggest mapping and engaging your stakeholders, stating your goals, and prioritizing your actions to solve the fundamental problem. Finally, you will find tips on how complex issues can be broken down into small, manageable components.

In Article 2: Design, you will learn how to set your goals for Solution Design and design solution options. I also cover pragmatic risk management strategies.

I will share case studies dealing with complex problems that lead to crises. As you will see, if you take measures to mitigate risks before they lead to an emergency, you can create a sustainable solution and avoid recurrent fire drills (like the fire-brigade exercises, in which the fire alarm sounds, simulating a fire in a building and triggering emergency procedures.)

In Article 3: Engage, I will share suggestions on preparing your stakeholder engagement plan and influencing the decision-making process.

Stakeholder engagement is the core of any successful solution design process. Here, you will learn how to identify your key stakeholders, handle objections and match motivations, and assess the decision-making power grid from real-world scenarios. You will read about the importance of sharing credit with your stakeholders for any successes obtained with your recommendations—the best way to ensure the implemented solutions last longer. You will learn what a marketable solution is, how to prepare your engagement, how to use trade-offs and concessions, and the importance of communicating the decision as clearly and concisely as possible. Finally, you will discover how to get your stakeholders to commit to your solution, help your decision-makers decide, and use proven practices to reach your desired decision.

In Article 4: Act, I will show you how to drive your strategy, allowing for smooth implementation and results measurement. Here you will read real-case scenarios on tapping into existing control frameworks to coordinate your solution implementation across several types of committees. Finally, this chapter will highlight techniques to help raise awareness about the solution to be adopted.

In Article 5: Sustain, I will cover a critical milestone in the solution design journey. After all the hard work you have put into identifying the problem, designing solution options, engaging stakeholders, and convincing them of the validity of your recommended solution, it is time to plan the envisioned sustainability. Consider including criteria that address solution sustainability during the early stages of options assessment.

Here, you will learn how to leverage the organizational lifecycle to ensure your solution lasts, maximizing the resources and efforts invested in implementing it. Finally, you will learn how to create a feedback loop, guaranteeing that any input received after implementation gets captured and is applied to extend the life of the solution. In many cases, at this stage, you might want to start all over again, adjusting or improving your solution to keep it relevant to your organization’s ever-evolving complex problems.

In this article and throughout the series, you will find pragmatic, real-world case studies anonymized using composite characters, name or gender changes, and a change of the respective organizations’ sectors, focus, or businesses.


Treat this blog series as your field guide: It offers clear checkpoints to assist you and your organization design practical solutions for complex problems like cybersecurity. Please read it in any order you feel comfortable with, either sequentially or directly to the information you need help with within your solution-design process.

You do not need to make your solutions right the first time. Remember, it is better to try options out, make mistakes, iterate with your stakeholders, correct the course, and rinse and repeat. You should not wait for the perfect solution to find you—it does not happen like that. The only way to arrive at the “perfect” solution is to try, ask “why,” and try again.

Ultimately, I want you to feel empowered to get out of your seat and dive into solution-design options that can help your organization solve cybersecurity issues across organizational borders, time zones, and cultures.

I wish you a good reading!

Eduardo Campos EMPA CISSP CPP


You can find additional content and references here  if you want to dig deeper.

J. Eduardo Campos, EMPA CISSP CPP (He/Him)

Board Member | Author | Executive Coach | Advisor
Talks about #ciso, #cybersecurity, #executivecoaching, #leadershipdevelopment, and #artificialintelligence