How Will You Be Remembered?

Yeah, the title does sound a little morbid, but don’t worry, this is not a eulogy.

We all know first impressions are everything. 

But so are 2nd and 3rd impressions and every interaction you have with people.

I’m not talking about dating, although I have learned many lessons recently in my journey to find the next “one”.

I’m referring to how we as security practitioners are viewed by the people we work with.

How we interact with our colleagues, vendors, and clients will shape their view of how security people are.

Like it or now, we are the ambassadors for our industry.

Oh, you guys

I’m on an airplane writing this now. While on line to board, a pilot was standing behind me. I am quite intrigued by their profession and am always impressed by their demeanor. So being who I am I struck up a conversation.

During our conversation, the topic of cybersecurity came up. Immediately the first thing he mentioned was how he gets “those emails” and when he clicks the wrong link gets a big red sign that he made a mistake.

This was not the first time I’ve experienced this.

“You’re the guys that are always trying to get me!” one individual said to me years ago after learning what I do while traveling. 

He sounded kind of upset and annoyed.

The pilot on the other hand didn’t mind at all. He cited his experience in the military and that it didn’t phase him at all.

What does this all mean?

Empathy

It means whether we are putting together a phishing test, making recommendations for security architecture, or putting together policies and procedures for our teams to follow, we need to consider how it will land.

How will our new procedures be implemented?

Did we get feedback from key champions before putting it out there?

Do we have a good pulse of the business and its needs?

Consider the Tactical Empath Approach by Chris Voss.

These are just a few questions that would help build empathy and understanding of the teams and people we work with.

Will I be tolerated or celebrated?

Whenever I walk into a new company, I try to first gauge what their impressions of cybersecurity, and more importantly cybersecurity people is.

Will I be welcomed?

Will there be friction?

The answer to this and many other questions is going to be a byproduct of their interactions with the security people previously, either at the existing company or in previous tenures.

In summary, have people had previously negative or positive experiences?

We are often a product of our experiences.

Was the last security team technical or more compliance focused? Were they enablers or gatekeepers? Were they easy to work with, or difficult? Did they understand the business and technology or were they completely disconnected?

Representing the industry

We as security practitioners carry a lot of responsibility.

Not only do our actions matter in the micro sense, but they have an impact beyond our existing roles and tenure.

Just like a minority in any country, you are representing everyone with your actions (and inactions).

Sounds like a lot of weight on our shoulders, right?

Yup, it is.

Our job is not easy. It requires a great amount of emotional intelligence at times.

It can deplete you, especially when everything is an uphill battle.

We need to make sure we are recharged, ready, and able to balance.

Pickup the phone or meet that person face-face, vs blasting that email or slack message. 

Be a learner and an educator, and approach everyone as if you have something to learn from them and vice versa.

It will make your job easier.

We need to choose our battles and think of the long game.

You got this.