To Work Better, You Need a Change of Perspective
CSO - "Is that Charlie?" booms a voice. "It's been years. Man, great to see you!"
If you travel with Charlie (not his real name or details), that greeting echoes out from every level of the working world: executives, managers, security guards, gardeners and frontline workers.
Before settling on a career in the information security team, Charlie worked at a variety of positions in the company because he found them interesting. Now he's the most respected security architect in the organization --when someone has a question, a challenge or concern, they reach out to Charlie. His security team does the same.
Charlie has a deep understanding of the business (better at times than the business's own understanding), plus he knows all about the company's technology and security. Almost instinctively, he assesses the impact and potential impact that security decisions have on the people he has served with, people who still seek him out. His insights bring people together and steer them to choose and implement solutions that increase security, reduce risk and are embraced by the business.
At the pinnacle of a successful security career, Charlie is the embodiment of a simple proverb:"Dont judge a man until you've walked a mile in his shoes."
Charlie climbed physical ladders, pulled cable, turned switches and dials and gained a firsthand understanding of the company in a way that few others have. Even people with comparable tenure lack the depth of knowledge he has gained and the strength of relationships he has built.
Charlie is an outlier in security today. Trained as an engineer, he took the path of meeting and working with others; he learned the language and embraced the norms. More than just fitting in, Charlie belongs.
For most security professionals, the demands and pace of change, the complexity, and the universal time crunch often lead to tunnel vision with a hyper-focus on implementing and using controls to reduce risk. The current environment makes it too easy to ignore the valid and important perspectives of others in favor of just getting the job done.
A checking-the-box approach seldom increases security or reduces risk. Worse, it harms otherwise impressive security careers.
By forgetting about the people we serve, or simply not taking the time to understand them, we rush to judgment about their Acapabilities, which leads to frustration, anger and sometimes miscommunication that damages credibility and shortens careers.
To build a better approach for a strong and lasting security career, simply change your shoes.
Seeing the situation from another perspective is the best way to learn. Here are three ways, both formal and informal, to try on a different pair of shoes:
Start a job rotation: Engage in a formal policy of learning and working in different jobs. This is a great way to learn how the business of the company works.
Shadow someone else: Find someone to shadow for a day. The key is to follow your guide and ask questions without judging and trying to improve them.
Take someone to lunch, learn from their experience: Try something as simple as a buying someone lunch and asking them about what they do, and then listening.
The key to these approaches is to change the focus. Shift your mind away from the need to get the job done on your schedule to consider the perspective, environment and schedule of someone else.
Take time to reflect on the emotional and logical responses to those situations. And then look at the security processes, tools and directives you've issued to others. Are they designed to meet the needs and environment of you, the security professional, or are they universally designed to meet everyone's needs?
The key to success in security is focusing on others. Start by changing shoes to get insight into someone else's job. Then keep walking in other shoes to build a better career, a stronger team and more overall success.
Michael Santarcangelo is the founder of Security Catalyst, a consultancy that harnesses the human side of security.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts