Driven off the Road by Security Metrics

An article in the July 18, 2011 issue of TIME Magazine caught my eye. It was Rana Foroohar’s piece, on page 22, with the title “Driven off the Road by M.B.A.s: The rise of business schools coincided with the fall of American Industry.” The thesis presented is that the U.S. economy tanked because engineers were replaced by number-crunching M.B.A.s. In his new book, Car Guys vs. Bean Counters: The Battle for the Soul of American Business, former General Motors vice chairman Bob Lutz goes so far as to say that “we need to fire the M.B.A.s and let engineers run the show.”

As someone with both engineering and business degrees, I don’t buy Lutz’s argument. I think that there should be a mix of expertise, but I do agree that there should be a greater proportion of engineers in the mix … as long as the engineers understand the business impact of their decisions. In my first book, Computer Effectiveness: Bridging the Management-Technology Gap, published way back in 1979, and currently available for a penny on, I advocated introducing ombudsmen with technology backgrounds (read “engineers”) to explain (or translate) to management (read “M.B.A.s”) the capabilities and implications of computer technology. Perhaps if that concept had been widely adopted, we wouldn’t be bemoaning the deterioration of American business, as Bob Lutz is doing.

In any event, what particularly hit home in the TIME article was the quotation that “if you can measure it, you can manage it” in the context of former Ford president, Robert McNamara, having spearheaded the “extreme number crunching” movement. Sound familiar? I discussed the fallacy of the measure-manage mantra in my October 5, 2009 column “Security Risk Metrics and Decision Making Revisited” and again in my November 30, 2009 column “Lord Kelvin’s New Clothes and Security Metrics.” In the latter column I mention Gary Hinson’s definitive ISSA Journal article “Seven Myths about Information Security Metrics,” published in June 2006.
