I have been working in the security industry for over 18 years, and in that time I have often pondered the ‘generation differences’.
At Enex, we report to quite a number of CSOs and also work with their teams; including engineers, architects, project managers and vendors. The age range in these professions is considerable.
I am a very late 30-something and have a background in technical, network and security engineering. Many of my peers are now transitioning from middle management to senior management, and this move invariably means forfeiting the reason that they were attracted to the industry in the first instance: to play with hardware and software and find solutions to complex issues.
The senior managers that my peers are replacing are the last of the first generation (50+). These old skool fellows know what it was like to have no internet, email or converged devices; they know what 10BT networking was and probably have some background in environments such as Novell. That was when they were ‘technical’ before moving to management. In those days, security was the last thought; performance was key - ensuring that the system only crashed once or twice a day.
This generation did not expressly work in the security industry, but rather they were more ‘computing generalists’. You could argue that this is what has caused a ‘brick wall’ from many who are stuck in their older ways, ways that they understand. And, often, the policies and procedures that they support mirror this. What sets this generation apart, however, is that they usually learnt via word of mouth. They therefore have a key attribute, one which is very much undervalued; they are not possessive and are willing to freely share information. This mentoring role is key!
The second generation (40+) grew up with some level of computing from school, albeit using an Apple IIe or Commodore 64, and Appletalk and 10BT was the natural progression as they commenced their careers. While they were being managed and mentored by senior engineers this generation was growing with the technology, not having it forced upon them. Their curiosity, and desire to pull things apart to work out how they operate, and their exploration of the emerging data networks led them to adopt the traditional term “hacker”. And all the while, university, government and corporate networks and the Internet evolved under their technical watch.
It will be very interesting to see their transition as more and more of their technical time is replaced in-turn by management and mentoring responsibilities. The issue with this generation is political, because some profess to have a skill set which they may not be completely proficient. They can therefore be possessive over information when required to mentor for fear of being ‘outed’. While the sceptics might say that this is perfect for a management role, the issue is that when the technical push comes to shove these people will not be able to step in and lead their younger team members. Unfortunately we are seeing this possessiveness more and more as managers try to climb the ladder without failure, and it does little to help the next generations.
The next generation (30+) is the technical “in-between”, generally having gained a university degree in a generalist field of computing and then, combined with work experience, have moved into specialist areas, such as security. As a result, this group is often stereotyped by their verticals. In the early days of vehicle design, a team of designers developed the entire vehicle. Today it takes an entire technical design team just to design door handles. So with such specialisation, does this generation still have the passion for exploration? Or does it simply work according to the theory and vendor training and get the work done as prescribed?
The latest generation (20+) has the most theory and practical history to learn and absorb. Granted, these will be the most technically specialised, with many universities now offering tailored courses and degrees in computing science. However, has growing up with handheld gaming consoles and mobile phones left this generation with the passion and attention to apply itself to the exploratory nature of the IT industry ? And will it be shackled by its former generations’ lack of mentoring be able to sufficiently mentor and pass on their skills.
I am not intending to be offensive, any of these generations will always have exceptions to the case. Everything is good in hind-sight, so with rose-tinted glasses, let’s try to take advantage of each generation’s qualities, and see where we go.
Your thoughts, comments and feedback are welcome.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem
With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.
An interview with CSO's David Braue and Ian Yip, Chief Technology Officer, McAffee.