• United States



Finding security’s opportunity to engage

Nov 05, 20123 mins
CareersIT JobsIT Leadership

Sometimes security can find surprising places to connect and engage with others in an organization. Michael Santarcangelo offers some tips on how to identify them

As his clenched fist landed on the mahogany table in an angry blow, the papers in front of him sought shelter on the floor as each of the seven people gathered for the meeting took a collective roll back in their chairs.

Reddened and quivering, his face was the image of frustration& and rage.

For an awkward moment of complete silence, no one made eye contact.

“This is ridiculous and completely unacceptable,” he stated in a low voice as he flung his chair backward — nearly knocking it over — and stormed from the room.

As the lone remaining representative from the security team, I let out a loud, long sigh, looked around and apologized.

[Get tips for communicating security to non security people]

That happened to me about 12 years ago when a security executive in a bank I was tasked to support erupted and carried-on about a risk waiver request.

It wasn’t a joke, it wasn’t theatrics and it wasn’t pretty.

To be clear, his actions were childish and inappropriate; and yet while not by design, it created an interesting opportunity to engage the folks at the table.

As a result of his outburst, those of us left in the meeting engaged; we sought common ground and a way to work together. Unexpectedly, I was instantly positioned as the calmer head that understood their concerns.

I was the bridge for both sides to get what they wanted.

So while the approach of rage in the office is not recommended, creating genuine opportunities to engage the people we serve is important to advance individual careers and the entire security team.

Creating positive opportunities to engagerecently wrote about the positive impact of “changing the label (of users) to change the outcome” (with nifty McGruff song, too). Specifically, when we embrace working with individuals by their name in lieu of resorting to the generic (and harmful) term of “users,” it changes the outcome and creates an opportunity to engage.


[Also see Change the labels, shift perspectives of security]

When someone uses language that is inclusive and inviting, we have a tendency to pay more attention. When the phrase “end user” is actively, consciously replaced with “individual” — or better, with the actual names of people, something happens: someone usually remarks.

One of my clients tried this recently; they took a document, changed the phrase “user” to “people” and circulated the document. It was a simple change that drew a handful of interesting meetings — including with a business leader.

They noticed the change and wanted to find out what happened.

This led to a discussion about the renewed focus on designing solutions and communications to meet the needs of people. It created an opportunity to demonstrate, before explaining, that the new focus was, in fact, different.

So while changing the label shifts the outcome, it also produces the opportunity engage in constructive conversation with our colleagues. And that’s the opportunity: explain the changes through conversation. In the process, leave the sometimes ill-defined reputation as tyrants behind in favor of a new approach where we recognize individuals who, in turn, recognize us as individuals.

About Michael SantarcangeloAuthor of Into the Breach, Michael Santarcangelo is the founder of Security Catalyst, a practice devoted to harnessing the human side of security. Michael offers keynote presentations, seminars and consulting on security awareness, effective communication of security, security career management for teams and support for security leadership. Learn more at or engage with Michael on Twitter (@catalyst).