Photo Credit: Scott SM via Compfight cc
When is “enough” really “enough”? If you are a parent, you may already have your child’s next 18 years planned out in detail. You want to do more for them than your parents did for you. How many photos have you pasted on social media to prove you are doing that very thing? Do you ever ask yourself, have I done “enough”? The same is true for the parent in charge of information security. The infosec baby is the one that matters. Every part of the security programme has its place and every piece is continually reviewed, monitored, updated and replaced when need be. What a good parent you are.
If you are a good parent of infosec, how frustrating it is when someone takes a look at your plan or even a piece of it, and criticizes it. It is just as if someone has scolded your child at school or some inconsiderate family member tells them they’ll never get to college. You are and rightfully should be on the defence. After all, you did follow your plan to the letter and did every step with the right intent and vision. Isn’t that enough?
Did you know your job is to grasp what is not written? You must attempt to learn “what is the next thing” people will want and make no mistake “the consumers don’t know”! Current studies show your children are expected to be in 11 different occupations over a lifetime. Changes to computing environments are even swifter and more unpredictable than a child’s potential career changes. We all want the stability of minimum changes, but that is not the world of infosec.
What do I mean by consumers? By now every aspect of information technology has been touched by infosec, and therefore the owners of the technology are consumers of infosec. It doesn’t stop there. External customers of the business are affected by infosec, so they are also consumers. To use the analogy of the child, every person in this child’s sphere has the potential to affect the outcome of the parent’s plan. Don’t forget computers. The ability for your child to connect to the world is a reality. This also what is making infosec so expansive and inclusive. Like a parent, one must be vigilant to keep the programme on track.
Same as a parent, if you don’t expand your view of the world in which your (child) security programme exists, how will you be able to keep up with the changes? Many times vendors contact the infosec programme manager to give them a brief look at the latest technology. So many people refuse the opportunity to learn something new. Some are so ignorant they don’t even request a link to the site so they can view it when they want. Is this wise? Shutting out the world from one’s own view does not keep the world from changing around you. That is why there are so many programmes to give children the opportunity to have and use a computer, so they can be competitive in the marketplace in which they live. Infosec managers need to seek new solutions and educate themselves. Working on yourself is a critical component of being successful in your work.
Parents can go even further than educating themselves and talking to their child to ensure the success of their plan for him/her. Meet your child’s teachers, principal and other members of the school staff. The infosec manager can do the same. Schedule regular meetings with those who have influence on your decisions regarding the security baby to ensure you are “on track” with the environment where your plan resides. It is as important to meet with allies of your security plan as it is to meet with adversaries. When a teacher negatively affects your child, you don’t avoid them because they are not supportive of your darling. It is the same with adversaries of the infosec plan. Get to know them. You may even ask for their input.
You are as critical to the success of the infosec plan, as a parent is critical to their child’s success. You are the leader. When you think you have done enough, learn something new. Take an idea and exchange it with your peers, other leaders. If you love what you do, there is never enough time, dedication, involvement and development to be successful. Take advantage of your parenting skills to help you make better decisions for your infosec plan. You don’t have to do it alone if you are a leader.