Nothing is inspiring me greatly in the security world today. I just don’t want to talk about what everyone else is talking about. So, I decided that I would throw down some practical advice from a security practitioner. Here goes:
Be SOCIAL!
Here is a clue. Many executives and board members think you are throwing money down an ever-growing hole that never shows return. DO NOT let your pride get in the way of making yourself visible to that CEO, CFO, COO, etc. Let them know what you are doing. How do you do that?
First, hire a hacker buddy. Next, open a hole in your firewall. Third,…wait, that’s not right.
Sorry about that. OK, here we go:
DO…
- …make personal appearances at company functions.
- …make eye contact.
- …say hello to people in the hallway.
- …eat lunch with your coworkers.
- …talk to people at the water cooler.
- …put up pictures of your kids.
- …talk to people about your kids.
DON’T…
- …sit in your cubicle lined with WarGames memorabilia and mumble to yourself that you are doing a good job and that you don’t have to justify your existence while thinking of how Picard is a better Enterprise captain than Kirk (here come the flames).
Let ‘em know you are a person. Then, and only then, can you expect to start giving them some info on what you actually do in your job. Think about it.
Vet

Oh – one other thing – never “fix and forget”. Always track incidents and do a post mortem – involve your peers if you can. This can be highly valuable for you if you are looking to justify budget for a product purchase or just wanting to prove Infosec value to management.
Good, solid advice for advancing the security cause! Positioning yourself/your strategy/your needs internally is all part of open communication and just good, common sense.