"Is that Charlie?" booms a voice. "It's been years. Man, great to see you!"
If you travel with Charlie (not his real name or details), that greeting echoes out from every level of the working world: executives, managers, security guards, gardeners and frontline workers.
Before settling on a career in the information security team, Charlie worked at a variety of positions in the company because he found them interesting. Now he's the most respected security architect in the organization —when someone has a question, a challenge or concern, they reach out to Charlie. His security team does the same.
Charlie has a deep understanding of the business (better at times than the business's own understanding), plus he knows all about the company's technology and security. Almost instinctively, he assesses the impact and potential impact that security decisions have on the people he has served with, people who still seek him out. His insights bring people together and steer them to choose and implement solutions that increase security, reduce risk and are embraced by the business.
At the pinnacle of a successful security career, Charlie is the embodiment of a simple proverb:"Dont judge a man until you've walked a mile in his shoes."
Charlie climbed physical ladders, pulled cable, turned switches and dials and gained a firsthand understanding of the company in a way that few others have. Even people with comparable tenure lack the depth of knowledge he has gained and the strength of relationships he has built.
Charlie is an outlier in security today. Trained as an engineer, he took the path of meeting and working with others; he learned the language and embraced the norms. More than just fitting in, Charlie belongs.
For most security professionals, the demands and pace of change, the complexity, and the universal time crunch often lead to tunnel vision with a hyper-focus on implementing and using controls to reduce risk. The current environment makes it too easy to ignore the valid and important perspectives of others in favor of just getting the job done.
A checking-the-box approach seldom increases security or reduces risk. Worse, it harms otherwise impressive security careers.
By forgetting about the people we serve, or simply not taking the time to understand them, we rush to judgment about their capabilities, which leads to frustration, anger and sometimes miscommunication that damages credibility and shortens careers.
To build a better approach for a strong and lasting security career, simply change your shoes.
Seeing the situation from another perspective is the best way to learn. Here are three ways, both formal and informal, to try on a different pair of shoes:
- Start a job rotation: Engage in a formal policy of learning and working in different jobs. This is a great way to learn how the business of the company works.
- Shadow someone else: Find someone to shadow for a day. The key is to follow your guide and ask questions without judging and trying to improve them.
- Take someone to lunch, learn from their experience: Try something as simple as a buying someone lunch and asking them about what they do, and then listening.
The key to these approaches is to change the focus. Shift your mind away from the need to get the job done on your schedule to consider the perspective, environment and schedule of someone else.
Take time to reflect on the emotional and logical responses to those situations. And then look at the security processes, tools and directives you've issued to others. Are they designed to meet the needs and environment of you, the security professional, or are they universally designed to meet everyone's needs?
The key to success in security is focusing on others. Start by changing shoes to get insight into someone else's job. Then keep walking in other shoes to build a better career, a stronger team and more overall success.
Michael Santarcangelo is the founder of Security Catalyst, a consultancy that harnesses the human side of security.