In Credible Security

Sep 23 2007

You might have noticed that nobody shouts “Group Hug!” when a security person enters a meeting. I have my theories why. One of them involves credibility — the kind that comes stingy in the workplace and must be earned.

Not all security pros earn enough credibility to truly affect the business. If you feel like you could use more than you’ve got, here are a few tips on how to accrue it in ways that align with the business grain.

  • Think “selling” not “getting.” You don’t want to get security mind share from people; you want them to buy yours. You’re there to help them meet rising customer expectations, or whatever.
  • Say “no” by saying “yes.” Somebody wants to uncork that remote access bottle, and let a thousand new contractors VPN into the corporate net from anywhere in the world with their own laptops? Of course you’d like to help them explore how they can meet their objectives in a way that’s neutral to the business’ security posture.
  • Next time the budget fairy leaves unexpected cash under your pillow, decline it. There are lots of under-capitalized units in every business. Find one with a really worthy shelved project and suggest they revive it instead.
  • Learn when to say “That’s good enough for now.” Scratching and clawing for every inch of ground this time, because you know how hard it’ll be next time, only leaves you with bloody fingernails. Nobody wants to buy things from people with bloody fingernails.
  • Ask questions rather than making absolute statements. “When you say we don’t need a firewall, what assumptions might you be making?” is a lot more effective than “Of course we need a firewall.” It politely keeps the burden of justification where it belongs.
  • Don’t pick fights you can’t win. You’ll only end up a sore loser.

This isn’t about playing games to win political favor. It’s about demonstrating big-picture perspective in a way that reeks of sensibility. And who doesn’t want to cooperate with sensible?


Posted by Larry J. Hughes, Jr. on Sunday, September 23rd, 2007, at 11:25 pm, and filed under Articles.
