Copyright © 2010 What The Hell? Security?
Don’t get me wrong. I love security engineers. Some of my best friends are, or used to be, security engineers. Hell, I used to be one myself.
But we’ve gotten to the point where we have way to many of ‘em. They’re practically crawling out of the woodwork relative to what we need. And what we need are loads and loads of security coaches. What’s a security coach, you ask? A security professional that:
Converses in the business vernacular
Operates in harmony with the business
Achieves progress with a light hand
Converts skeptics into volunteers
Highlights reliability over security
Quick now: Did you roll your eyes or turn up your nose at that acronym? Or gag yourself with a spork? Yeah, so did I. We’re security engineers!
And the rest of you are non-spork-totin’non-gaggin’security coaches! So what the hell are you doing standing around looking at me for? Go on, get the hell out of here. And start coaching I mean.
Filed under: security, security sense
I’m more of the opinion that we need to encourage our IT and security people to be more well adjusted humans.
So many of the industry is socially dysfunctional that they need to be hidden behind several layers of people who can communicate, listen, and speak in a healthy manner.
I’m tempted to call myself complex systems manager instead of information security engineer or one of the myriad of other titles. Usually I just go with “technologist” or “big geek” as people understand what that means and, to the layman, no one understands what I’m talking about otherwise.
It is unfortunate to me that I have to lay this at the foot of generally poor industry social skills, because that seems to be the core failing.
http://blogs.techrepublic.com.com/tech-manager/?p=425
We talk about things like being business relevant and being convincing, but the failures of not being able to accomplish this regularly as an industry have painted us into the compliance corner we are in today.
Personally, I wonder if sending the geeks out to a day spa and then to a fancy dress cocktail party with people who find smart people interesting might to more good for an IT company culture in one evening that no amount of coaching could hope to achieve.
I’m kind of kidding, but really. How do you diffuse management of complex systems and making risk management decisions based on limited data sets from being a religious or philosophical argument?