Show Notes: https://justinfimlaid.com/not-invented-here-syndrome-for-security

Sponsor: https://www.nuharborsecurity.com

Contact Me: https://justinfimlaid.com/contact-me/

Twitter: @justinfimlaid

LinkedIn: https://www.linkedin.com/in/jfimlaid/

Have you ever had an idea to advance your company or another companies security posture?  And it’s a really good idea.  Like really good.  You do you your homework and dot the “I’s” and cross the “T’s” and your propose a superior solution that sets your organization up for, what you think, is long term success?  When you propose your idea, someone passionately proposes an alternative weaker solution.  Or worse, people take shots at your idea trying to make it look like swiss cheese for the apparent purpose of making an alternate idea better?

If yes, you might have seen and experienced the “Not Invented Here Syndrome”.

One of the more concise definitions of Not Invented Here Syndrome (NIHS) I’ve heard come from Techopedia:

“Not invented here syndrome is a mindset or corporate culture that favors internally-developed products over externally-developed products, even when the external solution is superior.

NIHS is frequently used in the context of software development, where a programmer will overlook all the attributes of an existing solution simply because it wasn’t produced in-house.”

Another variant to NIHS is the micro variation comes when the security department or CISO is accountable for security but doesn’t have responsibility for security.  So if you are security professional recommending products/solutions that are always “shot down” by those with budget authority there could be a few reasons and Not Invented Here might be the cause.  NIHS can take a couple forms (this list adapted from Techopedia):

  • The other teams don’t value the work of others.  They have pride in a negative way.
  • They don’t understand or unwilling to try to understand the benefits and lack confidence.
  • Fear that their previous ideas aren’t valued.
  • Territorial battles, e.g. internal “turf wars”.
  • Fear of having to learn something new.
  • Wanting to control the process.  Would rather “reinvent the wheel” to maintain control.
  • Jealousy that they didn’t think of the idea first.
  • Belief that they can do a better job.
  • The other teams don’t value the work of others and believe they can do better.  They have pride in a positive way.

There’s always the counter argument that the Security team always makes sub-tier recommendations and IT rather keeps the proverbial security train on the tracks.

Anyway, NIHS is a real thing and can really be barrier to completing an annual plan.  For organizations that don’t foster innovation NIHS can really be present in the way the company operates day to day.  There’s some great articles on Not Invented Here and how some of the worlds longest standing companies foster innovation and work with external ideas to make their business grow.

Some interesting links you might check out…

https://hbswk.hbs.edu/item/the-benefits-of-not-invented-here

https://www.forbes.com/sites/haroldsirkin/2017/03/09/not-invented-here-not-at-the-most-innovative-companies/#1d85172c1e35