People tend to get overwhelmed. We all do. Our ToDo lists are ten miles long and getting longer. We are long on good intentions and short on implementation, often with valid reasons.

As I’ve been wading through study after study, report after report, commentary upon commentary, it seems clear that there are, well, a lot of problems out there. I know, I must be Einstein to suggest that. But seriously, the more a person studies and tries to understand the state of affairs, the more he might be tempted to throw up his hands in overwhelmed frustration. Then again, sticking his head in the sand is probably not a great idea either.

One of the best ways to cross the room to the door is…to take a step. Then take another one. And another. Before you know it, you’re there. Perhaps the same approach should be used for tying down security woes.

Sure, you may not know where to start. You might feel inadequate, understaffed, underfunded, underappreciated, or just plain underwater. But pick off an easy target.

If you can, start with the Jugular Vein. If your company is bleeding profusely due to a gaping security hole, such as unpatched servers or unencrypted laptops, then start there and work on a solution. If that Jugular Vein is actually a beast of a problem and that’s part of the reason you’re overwhelmed, fine, snooze it for a week or two and get something fixed. Just making a little progress will go a long way toward building momentum.

But of course the strong wisdom says get to that Jugular as soon as you can. Folks can survive a long time with a pretty deep gash on the shoulder. It’s probably not even life-threatening. But a Jugular wound will kill you pretty quick.

Start somewhere. One step at a time. Just start somewhere.