Seth Godin has a brief, insightful post about what we have come to expect from different organizations. His conclusion is that while in life, most things don’t and shouldn’t surprise us, if we want to stand out, we have to be a surprise. Read “I’m not surprised” – but put it in the context of how your security team operates. And then read his conclusion:
“But if you want the word to spread, if you expect me to take action I’ve never taken before, it seems to me that you need to do something that hasn’t been done before. It might not feel safe, but if you do the safe thing, I guarantee you won’t surprise anyone. And if you don’t surprise anyone, the word isn’t going to spread.” – Seth Godin
For years I have felt that as a security professional, I had to overcome a generally held negative stigma about the way “we” act: we ignore others, we skip meetings, we tell people what they can’t do. Most security teams don’t carry a positive connotation with them… whether earned or not. When is the last time you heard someone say “oh good, the security team got invited”?
It’s time to change our approach. We have to learn how to communicate more effectively. We have to listen more. To build on what Seth Godin shares (hey, I happen to like bald New Yorkers) – we have to be remarkable. Whether you work as a consultant or are part of an internal organization, we have clients that we serve, and we have to “wow” them at every opportunity. Now I’m not suggesting this is easy, but it’s clearly needed and worth it.
You can get started today (or on Monday) by approaching the situations you take on with a different attitude. Do this enough and you will stand out… here are five suggestions to get you started:
Bring donuts to a meeting
I mean it. If you’re health conscious, bring bagels. Bring fruit. Food is a great peace offering, shows you thought enough about others to make a difference and is a nice gesture. But wait – when people have enough blood sugar, they think better, are generally less snippy and are able to focus better. Think about when your meetings are scheduled and cater to the needs of the people attending. So do you really have to bring donuts? You decide. It is important, though, to think about the others you are working with and work aggressively to meet their needs.
Answer the phone with a smile – don’t growl.
Seriously. When someone calls, do you sound annoyed and overworked? Maybe you are, but how do you feel when you call a company and the person on the other end makes you feel that you are an inconvenience? I don’t know about you, but I get defensive, irritated and generally enjoy the experience less. Is that what you expect from your colleagues? You have the power to make a difference – answer the phone with a smile in your voice and actually focus on the person on the other end. You’ll both walk away with a better experience.
Ask a user what their biggest security challenge is – and then explain it to them in a way they understand
A lot has been written lately about users. Want to get a different perspective? When you find yourself with some time for lunch, invite a non-technical colleague to join you. During the conversation, ask them about a challenge they have at home with security (or at work). Let them explain it – don’t jump in immediately with the solution. Ask some questions, pay attention and then offer to provide some insight, like this, “would it be useful if I shared some of my experiences with you when I dealt with that?” – see, that sets you up to share – and not tell in a condescending way. Then take some time to find a common ground and language, and work to explain a possible solution to your colleague in their words. This is decidedly a challenge, but if you make a habit of this – you’ll truly grow your abilities to explain how to protect information.
Follow up with a helpful solution
We’ve all been part of meetings where a solution isn’t immediately clear to us. When that happens, have you ever actually thought about it a bit and then provided your insights to the group? In my experience, we in security always get knocked for stopping progress and not helping advance it. So flip it around. Many of us in security have broad access to the company and with it, broad experience. Bring a helpful solution back and be considered part of the success. Good things will follow (especially if you make this a habit).
Point out what is RIGHT with a solution, and then help improve it
In technology, most of us get hit about the head and body when a mistake is made – and therefore it becomes a common mechanism for how we deal with others. Someone makes a mistake (perhaps even one that we made a long, long time ago) and we jump all over them. Have you ever taken the time in a meeting to point out what you LIKE about the solution? How was security considered, or how the choices made really support the ability to protect information? By celebrating and acknowledging others, you are then able to contribute your skills, insights and knowledge to the solution. After all, isn’t that our job as security professionals?