Security Ripcord


Who Will Mentor the Next CSO?

This makes twice that Mike Rothman has called out a security professional who has found themselves in a tight spot. The first time was when Alan Shimel wrote about Martin McKeay’s (then anonymous) plight with his last employer. You can read the comment that I left in support of Martin’s actions. More recently Mike has commented on a post by LonerVamp detailing a young security professional’s plight with upper management.

Mike’s comments in both cases are typical of his marketing shtick, “If they would have applied the concepts in my book then they might not have found themselves in this situation.” I could say that his only intent was to plug his book, Pragmatic CSO, but I think it is more than that in both of these situations. He honestly feels that these individuals could have had different outcomes with a different approach to the situation and the managers involved.

Is he correct? I’m not sure. I have not purchased his book nor followed his posts about it very carefully. I can tell you that I am hoping to get it as an upcoming birthday present from my wife. This is mainly due to the reviews it has received from Martin McKeay, Richard Bejtlich, and Alan Shimel. I am, however, more concerned about Mike’s approach to young security professionals. “Buy my book, it is a good approach for dealing with executive management” is not, in my honest opinion, an effective way of approaching our next generation. Sure, he has made the information available to the public, but security professionals are pummeled with literature almost on a daily basis. His book might be on the list of top purchases but where is the actual teacher to help with the interpretation to assist with the evolution of the concepts within an individual? And, just to clarify, I am not talking about college Master’s/PhD programs or advanced certifications.

What I would like to see is Mike, and other security professionals with upper management experience, take a step towards creating a mentor program to help young security professionals grow and deal with the tough situations generated by the very nature of this industry. Michael Santarcangelo’s group the Trusted Catalysts has been tossing this idea around in the Security Catalyst forums but it has not taken off. I believe that this is mainly due to the amount of personal effort that is required of a true mentoring relationship. Mike has mentioned that one of his efforts will be to launch a Pragmatic CSO community. Hopefully this will be one of his team’s endeavors.

As a security professional with newfound management responsibilities I perfectly understand how difficult it is to step into this arena for the first time. Whether the situation is building a new security environment from scratch or dealing with executives who will not learn from mistakes or input, it is a tough row to hoe. I am lucky; I found great help and guidance in the Trusted Catalyst community. I have also found great advice and guidance in all the security-related bloggers that I was lucky enough to meet firsthand. But what I still crave to help make myself a better manager and leader is a mentor who will push me to the next level. I am sure that many of the new and upcoming managers feel the same. But I am just not seeing this level of commitment from the security community.

We have recently made leaps and bounds by realizing that security is a process that involves selling, marketing, psychology, philosophy, history, creativity, education, and awareness. Now we need leaders to step up to the plate. We have plenty of forums where people can exchange ideas, concerns, exploits, vulnerabilities, and dirty pictures. Now we, the security industry, need to start guiding and shaping the next generation. We need our current leaders, who have built themselves from industry necessity, to guide the new breed of security professionals. This new breed is just as enthusiastic as the old breed. But because they are coming into the industry without the programming, networking, or administration backgrounds they are finding it difficult to establish a firm foothold. Sure, some of them are doing it just fine on their own. But there are plenty of leaders out there who need education that books don’t provide to assist with their progression. They need the advice of men and women who are willing to mentor them through the growing process, point out where they are strong and weak, encourage them during tough times, and ground them during lofty cocksureness.

Go forth and do good things,
Cutaway


2 Responses to “Who Will Mentor the Next CSO?”

  1. Hi Cutaway,

    Check out this post:

    http://taosecurity.blogspot.com/2007/03/security-mentoring.html

    Sincerely,

    Richard

  2. [...] I have to say that I am proud about the input and outcome from my dirt kicking. I believe that it has started the rock moving and hopefully we will see it pick up steam. From a mentoring standpoint, maybe a few people will take a little extra time to answer questions and provide guidance. From a coaching standpoint we might see some changes in a few business models (I definitely should see between 10 and 20 percent commissions for getting this rolling). Either way I see this as a win for everybody: upcoming security managers, current security managers, and the IT community. [...]
