To Work Better, You Need a Change of Perspective

"Is that Charlie?" booms a voice. "It's been years. Man, great to see you!"

If you travel with Charlie (not his real name or details), that greeting echoes out from every level of the working world: executives, managers, security guards, gardeners and frontline workers.

Before settling on a career in the information security team, Charlie worked at a variety of positions in the company because he found them interesting. Now he's the most respected security architect in the organization --when someone has a question, a challenge or concern, they reach out to Charlie. His security team does the same.

[Finding security's opportunity to engage]

Charlie has a deep understanding of the business (better at times than the business's own understanding), plus he knows all about the company's technology and security. Almost instinctively, he assesses the impact and potential impact that security decisions have on the people he has served with, people who still seek him out. His insights bring people together and steer them to choose and implement solutions that increase security, reduce risk and are embraced by the business.

At the pinnacle of a successful security career, Charlie is the embodiment of a simple proverb:"Dont judge a man until you've walked a mile in his shoes."

Charlie climbed physical ladders, pulled cable, turned switches and dials and gained a firsthand understanding of the company in a way that few others have. Even people with comparable tenure lack the depth of knowledge he has gained and the strength of relationships he has built.

Charlie is an outlier in security today. Trained as an engineer, he took the path of meeting and working with others; he learned the language and embraced the norms. More than just fitting in, Charlie belongs.

For most security professionals, the demands and pace of change, the complexity, and the universal time crunch often lead to tunnel vision with a hyper-focus on implementing and using controls to reduce risk. The current environment makes it too easy to ignore the valid and important perspectives of others in favor of just getting the job done.

A checking-the-box approach seldom increases security or reduces risk. Worse, it harms otherwise impressive security careers.

[Change the labels, shift perspectives of security]

By forgetting about the people we serve, or simply not taking the time to understand them, we rush to judgment about their ­capabilities, which leads to frustration, anger and sometimes miscommunication that damages credibility and shortens careers.

To build a better approach for a strong and lasting security career, simply change your shoes.

Seeing the situation from another perspective is the best way to learn. Here are three ways, both formal and informal, to try on a different pair of shoes:

Start a job rotation: Engage in a formal policy of learning and working in different jobs. This is a great way to learn how the business of the company works.

Shadow someone else: Find someone to shadow for a day. The key is to follow your guide and ask questions without judging and trying to improve them.

Take someone to lunch, learn from their experience: Try something as simple as a buying someone lunch and asking them about what they do, and then listening.

The key to these approaches is to change the focus. Shift your mind away from the need to get the job done on your schedule to consider the perspective, environment and schedule of someone else.

Take time to reflect on the emotional and logical responses to those situations. And then look at the security processes, tools and directives you've issued to others. Are they designed to meet the needs and environment of you, the security professional, or are they universally designed to meet everyone's needs?

The key to success in security is focusing on others. Start by changing shoes to get insight into someone else's job. Then keep walking in other shoes to build a better career, a stronger team and more overall success.

Michael Santarcangelo is the founder of Security Catalyst, a consultancy that harnesses the human side of security.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Santarcangelo

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts