In the Army, we see the basic military fundamental skills being tested on every mission and operation. Whether the operator is jumping out of C-130 to scuba submersion or securing a post in country, their basic skills are always being tested.
This goes for information security professionals, as well. Your basic skills sets will be tested every day.
It is important not to forget the basic fundamental skills such as command lines, understanding of networking, programming and overall, how that translates to having security in the line of business. We have seen many Sr. Management, VP of Compliance and Executive Management personnel get lost in office politics and lose sight of their skills that made them who they are now.
This leaves Sr. Management, VP of Compliance and Executive personnel open to being “schooled” by a junior staff member.
If this happens, it can really affect the image of Sr. Management, VPs of Compliance and Executives, not to mention how well they understand a security situation. I have overheard scuttlebutt by the water cooler that the junior staff knows more than management.
This sets the wrong tone and can be addressed with a simple understanding of basic tech skills and how they work in security.
It is advisable that Sr. Management, VPs of Compliance and Executives grasp the fundamental understanding of their line of business and the skills sets that are required to execute the duties at hand.
Towards that end, here five tips for Sr. Management and Executive management:
About the Author: Ricoh Danielson is a U.S. Army Combat Veteran of Iraq and Afghanistan. As a digital forensic expert in cell phone forensics for high profile criminal and civil cases, Ricoh has a heavy passion for information security and digital forensic that led him to start up his firm (Fortitude Tech LLC) in the middle of law school to become Phoenix’s heavy hitting digital forensic power house.
He is also a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
- Know what you are talking about. Spend time understanding and knowing what the topic is and how information security plays a role in the process.
- Be the SME (Subject Matter Expert). Be the person who can speak to the areas of business and be the expert. Remember: there are people under you, so you are the superstar here. You are going to be the point of reference. If not, at least work to create a culture that allows others to work together in the interest of security.
- You do not deserve all the awards. It is the Jr. and Middle staff who are doing all the work and heavy lifting. Recognize them for it. Nothing is more irritating than a Sr. Manager and/or Executive taking credit for a project when they do not know what it took to make the project happen. Give credit when credit is due.
- Learn something new and upcoming. Stay ahead of the power curb. Truly understand and know what is coming on the horizon and what you need to do to stay ahead of the threats, market trends and overall upcoming obstacles.
- Be humble and be approachable. Know your strong suits and weak areas.