Leading from the front: Change the labels, shift perspectives of security

Leading from the front is regular series from Michael Santarcangelo that shares practical tips, insights and solutions focused on security leadership, security awareness and effective communication. In this article, he examines how labels can hurt security's efforts within an organization

Michael Santarcagelo, security career catalyst

When hired into an organization, each person has a defined responsibility, set of skills and sphere of influence. In essence, each individual is an expert contributing to the success of the organization.

But it doesn't always feel that way.

With the current pressure for everyone to do more with less, it is common to get frustrated with perceived (or actual) roadblocks, delays and miscommunications.

[ Also see: 5 steps to communication security's value to non-security people]

With intense focus on the overwhelming number of tasks and looming deadlines, it gets easy to stop seeing individual abilities and contributions in favor of sweeping labels to describe entire populations of the people we work with.

The common term in security to describe the people we serve is "users."

While the roots are harmless and logical, the negative connotation it brings — "users are losers" — is a practice that harms our careers and hampers the ability of our teams.

I recently proposed dropping the label "user" from our lexicon and offered some insights into how and why to make the shift in Why dropping the label of "users" improves how we practice security.

It is clear the use of labels to describe groups of people will continue: colleagues, clients, customers, etc.

However, when we change the labels — intentionally, thoughtfully — we necessarily shift our perspective. This shift is essential to seeing other people in a way that gives us the insight to advance our career.

This shift helps move us closer to the individuals; they become colleagues we collaborate with for a mutual purpose as opposed to "users that need to be made" aware, to change or whatever task is at hand.

Our language frames our relationships

The purpose of this exercise is to continually strive to consider and select words with language that shifts the lens other people are viewed with. By preventing stereotypes and disrupting bad habits, we stay closer to the people we rely on for mutual success.

Exercised regularly and properly, it helps build relationships that power the entire business. These are the relationships that drive the holy grail of "business alignment," because they foster improved communication and common understanding.

With alignment and understanding, relationships devoid of labels make it easier to advance security efforts — making teams more effective, reducing friction and building individual reputations. The kind that advance careers and earn more responsibility.

Making the Shift

The first step is to consciously stop using the term user. Immediately substitute the words people, individuals, or colleagues.

It feels a bit awkward and even contrived. That feeling signals the change.

Once the shift starts, it gets easier — and sometimes the word "user" (or whatever term needs to be abated) slips out, is easily caught, corrected and moved on.

When the slip happens publicly, it's an invitation to engage as others naturally inquire about the change of term.

Use the chance to dig deeper: explain the purpose behind the shift and ask people what they want to be called. Maybe it will turn into a joke, for example, when they explain they desire to be referred to as king of the purchasing department.

That's okay. The point is to engage in a dialogue. Asking the question in a sincere and interested way signals a human intent. That's the shift that changes perspectives.

Corollary: don't get labeled

In some organizations, tensions have grown between IT/Security and other teams with highly educated, powerful members that drive significant revenue or curry favor with executives.

The result is often their flat denial to embrace anything security, dismissed instantly as "harmful to their efforts" and ignored.

They likely labeled the security team much in the same way the security team labeled them as a bunch of users ("who dont know how to protect information.") During a recent panel on security awareness (hear an audio version here), this topic came up; the panelist suggested communicating with others the way we wish to be communicated with.

When we stop labeling others, it is fair and appropriate to try to avoid getting labeled in return.

We, too, are bright, smart and well-educated professionals with a job to do that contributes to the success of the organization. While often focused more on cost and risk avoidance, dropping the label of user and seeking a more personal connection with others is not intended to diminish our abilities.

The key outcome of this effort is to stop competing — whether for money, attention, power or the like — and start working as colleagues. Dropping the labels paves the way for productive and necessary conversations that inform and allow people to work together.

It might take some time and continued practice to stop using labels while avoiding labels on us. Each opportunity to improve is a step toward a stronger career, stronger team and our ability to provide the service and results expected of security professionals.

About Michael SantarcangeloAuthor of Into the Breach, Michael Santarcangelo is the founder of Security Catalyst, a practice devoted to harnessing the human side of security. Michael offers keynote presentations, seminars and consulting on security awareness, effective communication of security, security career management for teams and support for security leadership. Learn more at http://www.securitycatalyst.com or engage with Michael on twitter (@catalyst).

Copyright © 2011 IDG Communications, Inc.

8 pitfalls that undermine security program success