You did the impossible and landed a job in the high tech world of computer security. Now you have a few years in the security profession, and some days security is like mission impossible. Leadership is cutting the security budget, engineering has little regard for security, compliance always takes top priority, and engineers endlessly debate whether a bug is a security concern. Even when they agree that security bugs are a concern, those bugs are placed at the bottom of the pile. Is anyone listening to you? Does this sound like you? Wondering how to show some success and take your career to the next level? If you're just getting started in security, then I recommend a previous post, “So You Want to be a Security Professional?”
First things first: take a deep breath, now let it out, and congratulate yourself – you're a security professional. Computer security is a really tough job, and it does not take a computer security professional to figure that out. There’s hardly a week that passes without a new security headline in the popular media. Somewhere in the middle of all this conflict is you – trying to get some work done. I will share a few observations along the way that you may find helpful in your career.
Be a good listener
When you're contributing to a group discussion, meeting individually, or reviewing email, pay attention to every word communicated. Then think about the information not being communicated to you. What’s missing? How is the information being communicated to you? Is the discussion evoking some passion? You can learn much about how people feel about a topic, or what they know, simply by being a good listener. Don’t be the one in the room who is thinking of the next thing they are going to say or add to the conversation. Instead, give the speaker your full attention. Similarly, if you're reviewing technical documents for security approval, think about the design being presented and also what may be missing. It’s often the information that is missing, purposely suppressed, or refactored into something more pleasing that is most pertinent.
Some of my best training comes from “brown bag” lunch sessions where employees bring a lunch, set up a projector in a conference room, and watch some training videos while everyone eats. Most of us eat every day, so you would be surprised how much you can learn after a few months. I learned the basics of Java programming at brown bag lunches years ago. My advice is to take some responsibility for training on your own. Dedicate at least some time each week to education and self-improvement. It’s in your best interest to invest in yourself.
Separate success of security from your personal success
I know it seems like an oxymoron, but let me explain: security is like medicine, and your role in security is much like a doctor's. Many people smoke and lead unhealthy lifestyles. When the doctor meets these individuals, they treat their conditions and encourage good health. A condition is not always curable, but doctors often make life more comfortable. The doctor never shoots the patient dead because the patient is too sick. The doctor always does their best, with a professional attitude, and encourages the patient. Doctors make good role models for security professionals. People will not remember your personal challenges or how demanding they were on you. They will remember how you treated them and addressed their concerns. Don’t let your passion for security or for doing things correctly jeopardize how people feel about you. Sometimes in security there are forces in an organization that are beyond your ability to influence toward a successful outcome. Do your best, and if you fail, do what doctors do: move on and save another patient, since there are many.
To say security is challenging is an understatement. It’s a profession rife with conflict and challenges. Moving beyond the crowd of security professionals requires tools to communicate with top leaders. Top leaders are creative problem solvers who accept responsibility. They know when and where to speak and to whom, they choose their words carefully, they stay on top of the news and educate themselves, they are committed, and they get results. You will need to become more like your managers to enter their ranks.
Changing the environment around you is tough, but you always have the power to change yourself. I admit it’s not easy to change yourself, but to the degree that you do, you will become more respected and well liked, and win more supporters, which will only help you.