David Spark

Quote, every point of friction has a cost.

If it doesn't earn its place, it shouldn't exist.

End quote.

This is Brett Conlin.

He's over at American Century Investment, and he frames it as deceptively simple.

Friction doesn't just slow teams down.

It changes their behavior.

Extra approvals, redundant tools, processes that exist, quote, just in case.

These all feel defensible in isolation, but collectively they push people off the intended path and onto workarounds that introduce the exact risks the controls were meant to prevent.

The real tell is that controls get added faster than they're removed.

Most security programs never ask if an existing process meaningfully reduces risk or improves outcomes.

Is it, I'm going to ask you, Mike Johnson, as simple as asking that for your controls and processes?

I mean, can you just ask this question?

And if so, how much extra process baggage are we all sort of holding on to?

All right.

Mike, I'm going to throw this to you.

Have you done this exercise?

And I'm interested, have you actually removed or controlled?

Yeah, great question.

The answer is yes and yes.