Father’s Day and good role models

This Father’s Day, I want to take the time to recognize the people that fill that role. A lot of people, myself included, grew up without their biological fathers in their lives. Mothers, grandparents, stepparents, partners, same-sex partners, spouses and even in-laws fill that role for many of us, and they don’t have to. They need to be celebrated just as much as fathers for taking on that extra work. This day is for them too!

Looking back, I’m happy mine wasn’t around past the age of 13. When many of my friends speak of their fathers, they speak of someone who was supportive, kind, always looking out for them, and not a narcissist with a serious anger management problem who constantly insulted and belittled everyone and told their children they never would accomplish anything. Because we didn’t fit his mold, he didn’t want anything to do with us, and was very clear that we were not wanted or worth his time. He left and wasn’t missed, even though in his mind he thinks he was. We don’t care about him.

I’m thankful for the people who stepped in and celebrate them on Father’s Day. They are the real fathers, not the person who thinks they are just because of genetics. I won’t insult fathers, those who assumed the role, or men in general by comparing him to them.

What lessons can we learn about security and how it applies in the real world from this?

Corporate change

Companies are like families in many respects. They are dysfunctional in many ways, but very progressive in others. Traditional patriarchal “old guard” corporate structures and management are changing to reflect a more distributed approach to governance. We have significant external factors changing business, not just cybersecurity, but also internationalization, distributing technology innovations, refocusing business units, restructuring, and outsourcing. Many people who have worked in these companies feel lost with the rapid pace of evolution, which looks logarithmic compared to the past 150 years when you graph it.

Two choices

You have two choices.

You can deny that these changes exist, sit in a corner passive-aggressively sniping at others, be a toxic influence, cause disengagement, and ruin your career in the process while you seek to bring down others who don’t agree with your opinions. I’ve seen several people destroy theirs this way.

You can also understand that evolution is a part of growth and realize that we have to evolve to embrace non-traditional structures and approaches, and that we also need to be the “father” figure, albeit non-traditionally, to support our colleagues when it comes to security and risk management.

I call this out because there are many women, minorities, and career changers who have stepped into cybersecurity leadership roles and are now those types of leaders. Unfortunately, there are still many “gatekeepers” who put up artificial barriers to discount their leadership and guidance.

I ran into this when I worked as a defense contractor, when I was discounted for not having military or security experience that met someone’s artificial standards, and when I started at my first CISO role, because several managers did not want me working there. One in particular, who left in 2009, told me the job had been eliminated during the interview process, and that I should look elsewhere in an attempt to get rid of me.

These people need to be ignored and bypassed for the good of society. We need to be non-traditional like the people taking on the father role for their children and continue to show leadership and work around barriers.

Be a mentor and father figure

This doesn’t mean just do your job and clock in and out. We have a responsibility to communicate with our team members constantly. We have to provide that mentorship and guidance to the newer members of our community. We have to continue to educate and guide them, no matter whether they fit some gatekeeper’s mold or not.

We also have to realize that many of these people in our field do not come from the same cultures or common experiences that we are used to. This isn’t a traditional one where many of the people came from the same social backgrounds, went to the same schools, or participated in many of the same activities. There is very high variety. You will have your ex-Armed Services veterans, high school or college dropouts, career changers, and a lot of varied backgrounds, educations, and economic statuses. We also represent all lifestyles, races, preferences, and religions. These are people who (mostly) question authority regularly and like to learn and discover for their own edification, not to get good grades or impress others. They want to build great things and discover new ways to innovate.

We need to mentor and educate based on ability, not on category. We can’t place barriers around people because they aren’t what we traditionally expect. We need to embrace change, and that roles are changing. The traditional roles for management and leadership are evolving. We need to educate Human Resources and other teams about this as well.

The next technology leaders aren’t going to be from the same programs at major universities that churn out Big 4 recruits and MBAs. They’re going to have backgrounds that involve military service, Open Source work, self-developed projects, self-education, and are extremely motivated people that want to succeed. We need to learn how to accommodate them within our corporate structures and provide the means for them to accomplish, rather than giving them a proscribed path that leads to a house in a nice subdivision and a cookie-cutter life, because not everyone wants that. Putting up barriers such as high traditional educational achievement or years of experience for basic positions works against that.

We want to be part of their success, not just taking credit for it when they are successful.

Don’t be that person who cuts others down and then sends a nice letter of congratulations because they succeeded despite the barriers you put into place. As the recipient of several attempts of that from estranged parents and gatekeepers at work, I can tell you it’s not appreciated, and actually makes said recipient feel sorry for you at your pathetic attempts at reconciliation, especially when it involves asking me for a job.

Take the opportunities to work with your local high schools, universities, BSides, local hacker cons, and even your local 2600 meetings, if you have one. Be that father figure to these people, because some of them really need it. Keep presenting and educating, even if half the room walks out. It means half is still there.

We have to combat negativity

If we keep these barriers up, one consequence is losing good people and talent to the sewer pit of negativity and chaos that exists in the dark underbelly of the Internet. Those sites and people are always welcome and are always looking for new converts to feed off of. They are also excellent at using social media, doxing, and coercive threats to keep them in the fold. They prey upon isolation and use it to their advantage.

Much like when we lost numerous of young men and women to gangs, criminal activity, and drugs before technology, we are currently losing numerous others to these cesspools.

We need to provide an engaging and developing place to be, and a sense of belonging. If we don’t, others will come up in their place who do not share our intentions, and we will make our current situation worse by having those who may not fit our mold 100% operating against us and the organizations we represent.

We need to help provide those support structures that many of these younger people need. Even if these people have parents that are in their lives, they may not be present in the right way. It’s our responsibility to set the example for others, be inclusive, and support others, not to point fingers and make snarky comments while pretending to care.

Change is not easy and takes a lot of work. The recalcitrant gatekeepers make it harder to do.

This just means we have to work harder to educate. There’s a lot of people who take up the parenting role even though they don’t have to. If they can take care of that role for children, we can take care of it for our own community.

Happy Father’s Day!