In Depth
Bob Moore Knows How Not to Get Fired
Remember: Once you have a security leadership job, it's the little things that help you keep it.
By Scott Berinato
You're not going to like what that "just something" about you is. But you should know. Swallow hard and read on.
The physical security chief, according to stereotype, is a rigid and dogmatic "top cop" who has an "arrest" mentality and is a no-man as opposed to a yes-man.
The information security executive comes across as arrogant, a know-it-all who is whiny, defensive, uncooperative and doesn't try to work with others because how could anyone possibly understand the technical challenges he faces?
Not valid? So what. Unfair? Stop whining. In fact, the security executive who raises a stink because of these preconceptions actually feeds the preconceptions. "We had one CSO candidate for a Fortune 500 not get the job," says Lenzner. "And he—I can hardly explain it, but it was so telling—lashed out about how the company didn't know anything. He was angry. Like a child that didn't get his way."
Northcutt believes the attitude comes from the fact that many CISO candidates are underqualified. "They are stressed out, secretive, edgy and defensive because they don't have the understanding or mastery of tools they need," he says.
At any rate, he explains how the attitude plays out in the business by role-playing as if he were an operations executive being approached by a CSO. "I'm operations. I am the business. My job is to get the trains running on time. My bonus depends on 5 percent better operations. A huge preponderance of my money is based on five nines.
"Then some security guy comes in and says, 'Add this patch,'" Northcutt continues, incredulous and in a mocking tone. "As operations, what do I want to do? Take a bat and smash their heads! Security whines, but above that, they say no. What's up with that? We are the business, Mr. Security Guy. Go figure out how to tell me yes, because that's the only word I want to hear."
In gentler tones, Coughlin says CSOs who come in with a criminal justice background also take the wrong tack. "They'll come around trying to scare the hell out of you. They need to shed that attitude."
Get Downright Humble
It's not just about losing the brash front. You've got to swing to the other extreme. A humble security chief is in the best position to dictate his agenda because he will demonstrate to the other executives that their stereotypes are wrong.
We're defining humble quite specifically here, but we're also leaving very specific traits out of the definition. Humble doesn't mean subservient or compromising. It doesn't mean you downplay your ability or confidence. All of that would just make you inferior to other executives.
security jobs
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
