Security Ripcord

How individuals of an organization work together can have a big impact on the overall security of that organization's environment.  A group that works as a team to achieve specific goals will achieve those goals in a more efficient fashion.  This is true despite the abilities of the individuals involved: security professionals, system administrators, network administrators, technology managers, financial managers, human resources directors, application developers, vice presidents, CEOs, system accreditors, auditors, etc.  All of these people could be the top in their fields but if they do not plan, organize, and communicate very little will get accomplished.  The overall success of the project and how individuals work together can be attributed to a manager's techniques but it is the overall performance of the individual people and their willingness to work cohesively that eventually determines the majority of the projects outcome. 

So, here is the problem, but how does a security professional correct a situation where other individuals involved in the team are resistant to change.   Of course, as we all know, management support is a critical element.  Fortunately this is becoming less of an issue as more and more security incidents reach the front pages of local and national newspapers.  This places the responsibility on the rest of the team.  The following is a list of things that I think are important for the security professional to consider and implement in an attempt to bridge the gap with colleagues who are more resistant to change.

• Patience - It takes time for anybody to adjust to a new situation.  Exercising patience is a little easier when there is management by in to the situation.
• Faith In Your Abilities – You were selected to fill an important position because of your training and abilities.  Confident decisions, right or wrong, will show everybody that you are a willing participant that is not afraid of taking responsibility and accepting the resulting outcome, good or bad.
• Open Door Policy – Every security professional should be open to addressing issues and concerns from anybody as they arise.  A lot of people are going to have a lot of questions about a wide variety of issues.  Some of them may seem mundane because they are basic, but to the individual asking the question they are not basic and they are generally address an immediate issue that individual is experiencing.
• Information Center – Develop a location where people can find and refer others to policies, frequently asked questions, training, references to important documentation, acceptable and unacceptable software lists,  security related tools, product evaluations, etc.
• Communication - Keeping management informed of important situations is a necessity.  What many people do not realize is that communication between departments and groups is just as, if not more, important.  Not every important decision has to be passed through management for approval.  At the same time, individuals deserve to be informed of all situations that involve them. These individuals should be provided with all information they are not aware of so that they can make sound decisions and take appropriate actions.  When groups start communicating among themselves managers can spend less time bridging gaps and more time addressing other issues and planning for the future.
• Develop Individual Relationships – Security touches many areas in different ways.  Reaching out to people in different areas shows them that you are proactive and willing to assist and educate.  Interacting with system and network administrators is a given in all environments but a good security professional will seek out programmers, department managers, and other people that will affect or be affected by security related decisions.
• Enthusiasm - Love your job, love what you do day in and day out, and have faith that you are helping people by securing their information and their organizations.

As usual I have a good military example of how teamwork and professionalism can produce positive results.  During my time in the United States Marine Corps I had the pleasure of working with some of the best men in the world.  My unit operated in small groups of six men.  Of course all of these men were Alpha personalities and conflicts often ensued.  But when it was time for mission planning and execution all differences were set aside until all duties were accomplished.  Additionally, these six men only represented one group that made up a platoon of men.  Each group in the platoon had different responsibilities and expertise.  But when the mission called for a large force all of the teams were able to band together and successfully accomplish the task at hand.  Their success can be directly attributed to the elements that I have listed above.  Patience, faith, communication, relationships, enthusiasm, and an overall sense that they were a part of something big and important produced results that could not be accomplished individually.  It is not impossible to get these type of results from any organization.  All it takes is a little teamwork.

Go forth and do good things,

Cutaway 

Cutaway Security, Security Ripcord, Teamwork, Security Professional

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported.

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.