Helpdesk to the Boardroom

Daniel Blander and I had the chance to present at BSides Austin in April 2012. Daniel wrote a great summary for Infosec Island capturing our key points. To read the original post, follow the link:

Helpdesk to the Boardroom.

by Daniel Blander

As security professionals, we eagerly hone our technical skills and immerse ourselves in the latest research.

Yet too many of us who want to move up feel that we are marginalized, not listened to, and become frustrated at our lack of professional advancement.

What could be the problem and how can we overcome it?

Sean Cordero and I compared our experiences and found them to be very similar, both in the challenges we encountered and how we overcame them. Sean started his career at the helpdesk of a computer repair shop.

I started as a computer-aided design operator for an architectural firm. We both felt that, despite our opinions of our worthiness, our existing skills were not enough to get us promoted.

We now realize we were stuck in what we call the WOMBAT syndrome*. The syndrome manifests in statements like “We need to force the users to do it!” that sound absolutely ridiculous to an outsider, but seem perfectly normal to an overly confident and technology-addled mind.

As we learned to escape from this syndrome we identified four changes in our skills that made the difference in our lives and our careers:

Being open to learning and change. Too often we think we have the right answers, and bristle at any questioning. This can alienate people and make them think you are arrogant. We learned that if we opened our ideas to exploration and challenge, our ideas got better through the dialectic that we encouraged.

Learning how to communicate. We noticed the poor communication between ourselves and our managers and executives. We watched ourselves being pushed aside by management who couldn’t understand us. We adjusted our language and the mediums we used to communicate, which caused the relationships to change. While society has adjusted to social media and email, good old face-to-face communication allowed us to correctly set the tone of our message, and build that relationship.

Having empathy for the goals and motivations of others. As we opened ourselves up to learning and change, we began to hear the real goals and motivations of the people around us. Even the business as a whole had goals and priorities – making money and keeping good people employed! We realized that if we couldn’t incorporate these goals in our decisions, no matter how earth-shattering our idea was, it would fail.

Effective problem solving. As our perspective changed, we began to see the range of opportunities in every problem. Problem solving was now not a unilateral activity but a collaborative activity with participation from a wider group of stakeholders. We realized that there isn’t just one way to do things, and it is best accomplished with a team.

We discovered that when these four traits were combined they created a different result; not only did we solve bigger problems better, we were appreciated by our peers and our managers now saw us as promotable.

*WOMBAT = Waste Of Money Brains And Time

Sean Cordero is the former CSO of EdFund and currently the President of the consulting firm Cloud Watchmen Inc. Daniel Blander has been a CTO and CSO at several companies, and is currently President of the consulting firm Techtonica Inc. Sean and Daniel shared their experiences of breaking out of this rut in their talk “Helpdesk to the Boardroom” at BSidesAustin.

Body Building Principles to Build Your Security Program

Having problems losing those soft “compliance love” handles that have stacked around the waist of your information security program?

* Tired of going through the annual or quarterly “check-box exercises” for your security program instead of hitting the issues that really matter to the security posture of your organization?
* Does it feel like the threats are outweighing your collective strength?
* Do you desire a no-frills, results-driven revision of your security program?

If you answered “Yes” to any of the above, let’s hit the gym together and see where we stand. This presentation provides a back-to-basics approach using the fundamentals taught in bodybuilding (Yes! Arnold!) to revisit our security programs and get us back into our skinny jeans. And, for at least the length of the presentation, slow down the vortex of tools, acronyms, and buzzwords that keep us from doing what we do: protecting people and important stuff.

First presented at

Pink Shirts in Your Security Tools Closet

Learn to identify what a pink shirt is in your information security wardrobe (your infosec tools), and how they can be a source of unbalance and possible embarrassment. However, when used correctly, they help draw together your existing tools and can be a source of increased capability and insight. Originally presented at CSO Security Confab 2011.