If the bottleneck is essentially about people with relevant expertise not ‘getting it’, then I tentatively suspect that the ideal model for this path for relevant orgs would look like a consultancy. E.g. advice about how to manage contractors, and helping to onboard contractors, rather than trying to ~do the work.
If that’s right, then it suggests that we need relatively few people actually developing this skillset.
(Similarly to how mental health is instrumentally very important for doing good, and it’s great that there are people thinking specifically about mental health in the context of maximising positive impact, but I still wouldn’t recommend ‘psychiatrist/counsellor’ for (m)any people who hadn’t already built up a bunch of relevant expertise.)
I think I’d start with solving the problem for 1-2 EA orgs, in the spirit of “do things that don’t scale”, and once that works (which will probably be hard in several unexpected ways), I’d try to scale to a consultancy that helps 10 orgs at once.
This is only based on my unverified guess about making a product that would fit what the orgs would say “hell yes” to, and my unverified-in-this-situation intuition that starting by trying to solve the problem in a scalable way before doing it for 1-2 “individuals” usually doesn’t work.
(I can elaborate on my intuitions, but if someone read this and disagrees—I encourage you to ignore what I wrote)
Regardless of building a solution (consultancy?) that orgs will say yes to, I also think there’s something healthy of having a single person in the org (the head of security?) who is personally responsible for the security going well (having “power” to make decisions, having information and knowledge to either make decisions or vet other people’s opinions), and this often isn’t the situation with consultancies, who are not in fact responsible in the way I mean.
I can also imagine a trusted consultancy that very specifically helps hiring competent people to be “head of security”.
Thanks! This reply is very helpful.
If the bottleneck is essentially about people with relevant expertise not ‘getting it’, then I tentatively suspect that the ideal model for this path for relevant orgs would look like a consultancy. E.g. advice about how to manage contractors, and helping to onboard contractors, rather than trying to ~do the work.
If that’s right, then it suggests that we need relatively few people actually developing this skillset.
(Similarly to how mental health is instrumentally very important for doing good, and it’s great that there are people thinking specifically about mental health in the context of maximising positive impact, but I still wouldn’t recommend ‘psychiatrist/counsellor’ for (m)any people who hadn’t already built up a bunch of relevant expertise.)
I think I’d start with solving the problem for 1-2 EA orgs, in the spirit of “do things that don’t scale”, and once that works (which will probably be hard in several unexpected ways), I’d try to scale to a consultancy that helps 10 orgs at once.
This is only based on my unverified guess about making a product that would fit what the orgs would say “hell yes” to, and my unverified-in-this-situation intuition that starting by trying to solve the problem in a scalable way before doing it for 1-2 “individuals” usually doesn’t work.
(I can elaborate on my intuitions, but if someone read this and disagrees—I encourage you to ignore what I wrote)
Regardless of building a solution (consultancy?) that orgs will say yes to, I also think there’s something healthy of having a single person in the org (the head of security?) who is personally responsible for the security going well (having “power” to make decisions, having information and knowledge to either make decisions or vet other people’s opinions), and this often isn’t the situation with consultancies, who are not in fact responsible in the way I mean.
I can also imagine a trusted consultancy that very specifically helps hiring competent people to be “head of security”.
[rough thoughts, not my expertise]