In the past few weeks, I’ve received similar questions from two different companies, which I’d like to reflect on here.
Both organizations were in the process of crafting strategies for critical areas: one for AI and the other for cybersecurity. Their question to me was whether it would also be important to develop a strategy for process and culture. Specifically, one asked if an Agile strategy was necessary. Since I view Agile as a means to an end rather than a goal in itself, I prefer to frame this as creating a strategy for culture and process.
As someone who values the Agile mindset, my immediate answer was: “Yes, it’s essential to align a strategy for AI or cybersecurity with an Agile mindset.”
Here’s why.
Cybersecurity: The Risk of Becoming a Bottleneck
When implemented in isolation, cybersecurity can inadvertently act as a roadblock for an organization. While the cybersecurity team might excel in their role, their actions can unintentionally hinder other areas of the business. When security measures make employees’ jobs unnecessarily complicated, they will inevitably find workarounds—sometimes at the cost of even greater security risks.
For example, enforcing frequent password changes might lead users to choose weaker passwords or write them on sticky notes under their keyboards. These unintended consequences stem from a lack of alignment between security processes and the day-to-day realities of employees.
Here’s where Agile principles, such as collaboration, come into play. A cybersecurity strategy must prioritize making secure work simple. Success can be measured through KPIs like how easy employees find it to complete their work securely. Gathering anonymous feedback through surveys is a practical way to track this.
AI: Avoiding the Cheetah and Concrete Block Problem
The need for alignment becomes even more evident when we look at AI strategies. Too often, AI initiatives are isolated within specialized, fast-moving groups—sometimes with flashy names involving an “X.” While these groups might deliver impressive results in their own domain, they often remain disconnected from the rest of the organization.
Without an Agile strategy, the core of the company can become a concrete block, while the AI team races ahead like a cheetah. Over time, the connection between the two weakens, and the AI team may become so detached that it fails to make a meaningful impact on the larger organization.
To prevent this, the organization must align its processes, governance, and overall strategy with its AI initiatives. This means breaking down bureaucracy, eliminating silos, and replacing rigid top-down control with an adaptive and collaborative framework. Strategies for security, legal, and other functions must also be synchronized to ensure the seamless integration of AI into the company’s operations.
In both cases, aligning strategies isn’t just about introducing Agile practices; it’s about rethinking the organization’s culture and processes to foster collaboration, adaptability, and speed. Whether it’s AI, cybersecurity, or any other major initiative, an aligned and integrated approach ensures these strategies truly benefit the entire organization.
