The  Blog


Lessons from W. Edwards Deming for Cybersecurity

Nov 01, 2022

Lessons from W. Edwards #Deming for #cybersecurity -- It’s about how we build knowledge to outthink our enemies to avoid #ransomware

For Deming, it wasn’t just individual methods that need improving, it was also the system of creating knowledge and the system for educating people.

Deming’s System of Profound Knowledge has 4 aspects: appreciation for a system, knowledge of variation, theory of knowledge and psychology.

For cyber pros:
* Appreciation for a system – Recall from, a system is more than tech, it includes the behavior of our enemies and ourselves.
* Knowledge of variation -- What root causes of incidents are designed into a system and which are not? Deming observed that by expanding a system view, more causes are part of a system.
* Theory of Knowledge – This is Critical Thinking and Epistemology that is central to Design Thinking. For Deming, this started with providing a new, outside view and included thinking in new ways. For fun, “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.”
* Psychology – Deming put people in the center. To successfully apply knowledge, he stressed the need to remove fear from the workplace, realize the power and pleasure derived from intrinsic motivation and cultivate cooperation.

More from

Consider for cyber:
* How much training is tech and tactics versus education in how a system works?
* Would you fly on a plane with a pilot who only knew components?
* How do root cause analysis methods in cyber compare to more robust methods in other disciplines?
* Would you go to a doctor whose methods were as siloed as those in cyber?
* How to design out root causes that were designed in?
* How often is cyber limited by structural blindness, cognitive bias and groupthink?
* How often are cyber pros setup to fail by methods they are forced to use?
* How often are cyber pros setup to fail by training methods?
* What if cyber used Japanese quality circles of people who understand the system?

One way this comes together is in authentic #ZeroTrust from John Kindervag.

At Think.Design.Cyber, we build on Deming and his colleagues:
* Design Thinking 4 Cybersecurity online course
* Our Outcomes Accelerator Workshops seeking to achieve 6 months of work in 6 weeks – in Deming’s hybrid education-advisory style
* Most importantly, putting people in the center with Prachee Kale ‘s coaching tailored to cyber pro personalities

More insights at Think.Design.Cyber. and

As always, to learn more about how to implement, reach out.

The W. Edwards Deming Institute
#CyberTheory Institute