At some point in your career, you will make mistakes—small mistakes, big mistakes, even career-defining mistakes. I am writing this in retrospect because during the course of my job duties, I recently made a mistake. The details are irrelevant, but I wanted to share my experience with making mistakes in the professional world.
Mistakes and human error in Information Security account for 70 percent of the initial intrusion vectors for attackers, states the 2016 Verizon Data Breach Investigations Report. This report suggests that, “basic security hygiene is what matters the most in terms of effective defensive countermeasures.” Security starts with you. It is important to understand that a careless mistake could very well be detrimental to the security of your organization and to your personal reputation as a security practitioner.
In one case, an employee working in the finance department of a wire and cable manufacturer was sent an email claiming to be from the company’s executive, demanding to have 40 million Euros transferred to a bank account in the Czech Republic. This is one instance where a mistake caused a company an incredible financial hardship due to human error.
When making mistakes, especially as a security practitioner, it is important that you look at yourself as a brand. You are your personal brand—your brand is defined by your actions. If you have good actions, then your brand will sell very well. If you promote your brand, there will be a higher demand for it.
However, in the case of an event where you just made a royal mistake, it’s time to think about your options.
If you are genuinely unsure if you made this error, it is important that you first seek clarity. It has been extremely important in my life to take ownership and accountability for my mistakes. But don’t be a martyr. Every mistake comes with a prolific opportunity to grow from it, but if it wasn’t your mistake, then you are hurting your brand without gaining the opportunity to grow. My first suggestion to you if you are unsure of the mistake is to find the evidence.
If in your search you do indeed find that it was entirely you and you are the problem, the second piece of the puzzle is to accept ownership. I have seen people go to great lengths to deny, deny and deny. In all aspects of my life, this has never worked in my favor. You need to accept that you can, will, and do make mistakes in life.
Taking accountability for your mistake comes with a price tag. There will be some level of consequences for your mistake. We will call consequences “amendments” because to amend something is to change it, and that is exactly what you need to do.
The worst thing that could ever come out of this is for you to be wrong once and then continue to be wrong for the rest of your life. So call your consequences “amendments.” You want to change the impact of your mistake.
Changing the impact of your mistake could mean a lot of things. However, it starts by asking those you’ve impacted, “How can I change things?” This seems simple but the magic in this is meaning it. I’ve done this enough to know that people will feel if you are sincere or not.
Amending may very well be not behaving that way from that point forward; it may be a financial payment, it may even be jail time (let’s hope not). Whatever it may be, I have learned that walking away with an action step is the only way to repair your brand. It starts with asking that question. Seek an agreement between you and those affected.
Carrying out your obligation to the agreement is the only way to repair your brand. I must warn you that entering into this agreement and not carrying out the obligation to the full extent will demolish any credibility you might have beyond repair. It’s very serious and you must treat it so.
Handling mistakes this way has proven to be the most effective way to overcome and grow beyond any obstacle I have ever faced thus far.
- Seek Clarity
And remember that security starts with you.
About the Author: Tyler Wall is a Senior Security Engineer and a life enthusiast. He has experience in creating and leading global Security Operations Centers and red teaming as an experienced Ethical Hacker. He has a Bachelor’s degree with a concentration in Information Security and holds numerous current industry certifications. He enjoys staying on the bleeding edge of the security industry and contributing to the community. In his personal time, he chases goals, travels and enjoys life experiences with his wife and dog.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.