When asked to describe what you do, how do you answer? How do you explain your role in the organization?
Most people I speak with explain that they are “in security” or elaborate to explain that they protect information. I propose a different approach.
I firmly believe the role of a security professional is to make it easier for others to do their jobs — so they can protect information.
We still handle policies, firewalls, IDS, administration and the entire fabric of network security. This is more of a mindset argument. What happens if other people find their jobs truly getting easier, instead of harder? What if we worked to simplify, not complicate? What if others were welcomed into the process, able to do their jobs and take responsibility for protecting information?
When taking on an effort, project or system, simply ask, “Does this make it easier for people to do their jobs and protect information?” If the answer is no, then the approach may need to be reconsidered.