• United States



The Soft Part Is the Hard Part, and Vice Versa

Jun 10, 20082 mins
IT Leadership

Subtle gaps can form between leader and staff members. Here's to the bridge-builders.

Some of your employees don’t understand what you do all day. Some of your vendors don’t either. It’s human nature--everyone tends to look at the world through the periscope of his or her own duties and challenges.

An offhand comment at lunch from an attendee at the CSO Perspectives conference brought this home to me again. At the conference, we hit a wide variety of topics. Some “soft” stuff: how to communicate with the board, how to write a strategic plan, how to build employee awareness. Some “hard” stuff: botnets, data loss prevention, virtualization. The lunchtime comment was somewhat dismissive of the soft stuff--the “fluff” that executives seem to talk about so much. People with less seniority in an organization tend to have very concrete responsibilities, for lack of a better word. Vendors tend to look at you as “the guys who buy our stuff,” without a great deal of regard for what your other issues might be. Metrics, strategic planning and particularly communication issues are off their radar.

These differences in duties lead to disconnects. A guy in the trenches dismisses your interest in fluff and wonders why you waste so much time in meetings. Conversely, a woman on mahogany row refers to “the rank and file” and sometimes even uses the unfortunate and unprofessional phrase “dumb it down” in reference to communicating with the general populace.

All of these disconnects war against enterprise security.

In a large organization, you can’t solve the hard problems without applying the soft skills. You can’t have great security without executive and employee buy-in. The person who watches the BugTraq list and the one who builds a strategic plan are both necessary. Throughout CSO’s history, we’ve emphasized the need to solder connections between physical security and cybersecurity; that’s one gap that, happily, continues to shrink. The two groups no longer sit at different tables during our conferences.

As always, I was impressed with the new folks (and familiar faces) I met at CSO Perspectives. Great networkers with lots of ideas on how to connect the dots, mesh audiences, and share best practices without jeopardizing confidentiality.

Here’s to the bridge builders.