One Article Review
| Source |  SecurityWeek |
|---|---|
| Identifiant | 535287 |
| Date de publication | 2018-03-22 15:10:01 (vue: 2018-03-22 15:10:01) |
| Titre | Security Practitioners: 10 Signs You Need to be More Direct |
| Texte | Conflict isn't Pleasant, But Sometimes it Can be Healthy and Necessary When Done Properly and Respectfully Living and working in different cultures gives you a broader perspective across a variety of different areas than you might have attained otherwise. It is one of the things I am most grateful for professionally and has taught me to appreciate that each culture has its own advantages and disadvantages. There is one particular aspect of some cultures that I think we in security can learn a lot from. Which cultural aspect am I referring to? Directness. Those of you who know me know that I am very direct and that I am a big proponent of directness. Directness is something that some cultures do better than others. So how can we as security practitioners identify areas in which directness can help us improve? I present: 10 signs you need to be more direct. 1. Bad ideas hang around: I remember watching the challenger explosion on television. After the investigation, groupthink was found to be one of the reasons that the launch was allowed to go ahead, despite known risks. People were simply afraid to state their concerns directly. While the stakes are certainly lower in your security organization, the principle holds true. If people are afraid to be direct, it often results in bad ideas hanging around far longer than they need to. Whereas in a direct culture, a bad idea can be considered and politely dismissed in a relatively short amount of time, in an indirect culture, it may linger far longer than it should. That results in valuable resources being spent on activities that don't provide much value. 2. Good ideas don't come forward: In a similar manner, if people are afraid to be direct, it often keeps them from suggesting new ideas. Perhaps the solution to that big problem you've been worried about is found in the thoughts of one of your team members. But if it stays there, it doesn't do you any good. 3. The team has no idea where it stands: Security teams need to know that the work they're doing adds value to the organization, improves its security posture, and helps mitigate risk. In order to gauge where they stand, the security team needs to know what success in each of those areas means. The only way I know of to communicate what success means is to do so directly. That enables the team to make progress more effectively. 4. Strategic direction and goals are unclear: Building on number 3, communicating strategic direction and goals clearly and directly helps the team understand where the organization is going and what success means. Not surprisingly, that clarity will assist the security team in maturing far more quickly and efficiently. 5. Everything is above average - always: I always love it when I hear people tell me that everyone on their team is exception |
| Notes | |
| Envoyé | Oui |
| Condensat | @ananalytical acquisition actionable active ads advicesolving advised advisor also analysis analysis/forensics analytical applying both broad build building built capabilities career centers cert chief clients close columns computer consultant consulted cto currently direct direct10 earlier emergency emerging endpoint enhance enterprises experience experienced extrahop fireeye found founder from goldfarb goldfarb:security ground has help his idrra improve incident independent industry information insights isn't its joining josh joshua leader levels links lose malware management methodology more need network npulse numerous officer operations postures practical practitioners: previous prior private problems product public ran readiness response running sale10 salewanted: sectors security served serves sexy signs socs sponsored states strategic strategy subsequently t46 tactical tags: team technologies traffic twitter: united until ways where worked |
| Tags | Guideline |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ressemble à 1 autre(s) article(s):
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
|
2018-04-04 13:48:05 | (Déjà vu) Security for the Ages: Make it Memorable (lien direct) | >Those of us That Spend our Lives in Security Sometimes Forget How our Field Looks and Sounds to Others
Recently, on way to work, I heard the song “Mr. Jones” for the first time in years. For my younger readers, this Counting Crows song was quite popular when I was in High School. I found hearing this song again after so many years fascinating. Why? Because I still knew every word of the song.
Whether or not you are a fan of the song, you are likely asking yourself what this could possibly have to do with security. That's certainly a fair question. To understand the connection here, we need to ask ourselves why I still remember the words to this song after all these years.
In my opinion, the answer to that question lies in the fact that the song was fun for me. For whatever reason, it found favor in my eyes. I internalized it. I heard a lot of songs in the 1980s and the 1990s. But the number of songs from that period whose lyrics I still remember is relatively small.
We can learn a lesson from this in security. Those of us that spend our lives in security sometimes forget how our field looks and sounds to others. When presenting or discussing our work, it's important to focus on how that message is received and internalized by the people on the other side of the conversation. Let's take a look at ten situations in which we can leverage this powerful lesson.
 1. Conferences: I've sat through a fair number of conference talks in my life. Some have been better than others. Know your audience and stay focused on what will resonate with them and/or help them understand what you've been working hard on and the value it provides to the greater security community. The best talks are those that people still remember after a year or two has gone by.
2. Board: In previous roles, I've had a few opportunities to present at board meetings. What I took away from these encounters is the extremely high level at which the board thinks about risk. It's incredibly strategic and miles away from tactical. Something to keep in mind when formulating your board presentation. Your job is to get the board's attention and cause them to focus on what's important, not to overwhelm them with details.
3. Executives: While perhaps not as high level as the board, executives are still pretty high level. Tactical mumbo jumbo will put them into a trance. Best to tune your message to the audience and ensure it will resonate and stay with them. For example, if you need to make the case for additional budget, try doing so in the language of mitigating risk to the business and return on investment.
4 |
Guideline |