Other
Are You the Party Pooper?
How to upgrade your image with business clients
By Dan Lohrmann
- Relationships, Relationships, Relationships Take key business partners out to lunch and listen to their priorities. The "CSO stereotype" is that we only focus on compliance issues at project meetings. We give out lists of Dos & Don’ts. By looking deeper at business needs, we can be more customer-focused and help clients solve their problems. Remember who’s paying the bills.
- Don’t Stay in the Box Regardless of the organization we’re in, our security role has a box placed around it. Break out of the box. Look more broadly at the organization to see if you can increase your organizational value by joining or helping steering committees, user groups or other key project oversight boards. If opportunities are not available locally, look enterprisewide.
- Under-Commit, Over-Deliver Information technology projects are notorious for being late and over budget. The security office is often seen as part of the problem. Project managers love to blame late deliverables on "that darn security office" if they can, since that excuse often works in the short term. Over time, this will damage the reputation of the CSO, especially if problems are caused by a lack of planning and coordination and not real risk. What can you do? Agree on metrics for security functions, such as scanning servers for vulnerabilities, and exceed expectations for deliverables.
- Have a Party—Celebrate Success If you’re known as the party pooper, what better way to change that perception than to throw a party? The tendency for CSOs is to think that we never "arrive," since security is never finished. We always want more, so celebrating success, which is common in most other parts of the business, may not be happening within security offices/projects. Thank teams for their support in reaching key objectives. When you reach a significant deliverable or milestone on a security infrastructure project, bring in a lunch for the entire project team.
One final thought: Sometimes CSOs do still need to be the party pooper. But just like Arnie in Kindergarten Cop, sharpening softer skills can improve your performance.
Dan Lohrmann is Michigan Chief Information Security Officer (CISO), and Director, Office of Enterprise Security.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
