Home » Security Leadership » Career/Staffing

Bob Moore Knows How Not to Get Fired

Remember: Once you have a security leadership job, it's the little things that help you keep it.

"It was great because he knew enough that, when you needed him to make hard decisions or operate in a crisis, he knew the basic concepts," Northcutt says. "He knew what words to use, and people respected him."

Welcome to the Business Table

This is a two-step process. Step one: Bond with the other suits.

Don't try to win influence with other executives by grabbing power or competing for resources. "To the extent you can bond with legal, risk management, audit, IT and all the others, do it," Humphrey says. "Match up the sound bites, merge compliance and policy functions."

Then there's alignment. It has the hollow ring of an executive clich. But here's the thing: If you don't do it, you won't last long.

With the audit committee, especially, you want to buddy up. "It seems to me the idea of competing for resources with audit is the shortest path to going away," says Allan Paller, research director of The SANS Institute and champion of the CISO function. "If you partner with them and share the load and treat audit with due deference, you have a shot. As long as you compete, it won't work." The key here is not to subjugate yourself to these other executives. You must view yourself as their equal. Just don't fight them.

Step two: Crash the executive party. There's no point in explaining this in any other way than Humphrey does, so, keeping in mind that Humphrey was a CSO and also an extended member of the board of directors at Digital, listen to what he says.

"You will not be invited into the executive circle of the corporation unless you elbow your way to the table. Volunteer for committees and workshops outside of security. I've always pushed my junior security managers to do this, and in a very short period of time, I guarantee, nonsecurity folks will come to you and say, Wow, I didn't know you had so much talent in security.

"I might also tell you that the people who've worked for me have gotten accelerated promotions and, throughout America, they're known as Ray Humphrey Graduates," he says. "They are redefining the CSO role because they push themselves into the executive circle."

Lose the 'Tude

Many executives think you have one. A bad one. And we're not just talking about information security officers, either. Even traditional, physical security executives, younger ones anyway, are saddled with a largely negative perception.

In case you didn't notice, we've come now to the soft and fuzzy part of the program, where to-do lists get tossed aside and psychology gets pushed to the forefront. In other words, the boardroom's out; the couch is in. It's time to learn what it means when a CEO, after eliminating the CSO or CISO, says, "There was just something about him that didn't fit with the organization."