March 3, 2008

When asked to describe what you do, how do you answer? How do you explain your role in the organization?

Most people I speak with explain that they are “in security” or elaborate to explain that they protect information. I propose a different approach.

I firmly believe the role of a security professional is to make it easier for others to do their jobs — so they can protect information.

We still handle policies, firewalls, IDS, administration and the rest of the fabric of network security. This is an argument about mindset. What happens if other people find their jobs truly getting easier, instead of harder? What if we worked to simplify, not complicate? What if others were welcomed into the process, able to do their jobs and take responsibility for protecting information?

When taking on an effort, project or system, simply ask, “Does this make it easier for people to do their jobs and protect information?” If the answer is no, then the approach may need to be reconsidered.

About the Author: Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

