The Human Side of Information Security

The Human Side of Information Security Presented by: Rob Arnold, CISSP


Rob Arnold

• Human for 47 years
• Musician for 39 years
• IT guy for 19 years
• Security guy for 17 years
• Manager for 8 years

Agenda

• The Security Connection
• The CEO of One
• There are two “I’s” in team
• Drill Deeper

THE SECURITY CONNECTION

When Worlds Collide

• Security managers are usually senior security practitioners first

• Managing (developing and retaining) technical experts is hard, even for a manager who is one of them

• Receiving management support, mentorship and training is the exception, not the rule

• Best techs may not make the best managers

Area: Kansas City, MO-KS
Employment: 720
Location Quotient: 1.24
Employment per 1,000: 0.73
Annual mean wage: $79,550

THE CEO OF ONE

Maintain inbox zero

• The four-D system
  – Delegate
  – Defer
  – Do
  – Delete
• Only touch a piece of mail (or paper) once
• Use rules, conditional formatting, and other mail client features to impose order

Manage your now

• Planning at the 1-day time scale
  – Schedule your day, once a day
  – Weekly wrap-up of deferred work
• Strategic deferral of work
• Quick win: turn off notifications of new email

Track your success

• Support your team by reviewing their individual accomplishments

• Yes, this is resume building
• Every quarter, review this list with each of your team

THERE ARE TWO “I’S” IN TEAM

The first: Identification

• Actively seek inside jokes, code names, restrictive vocabulary

• Find a common adversary
• Not: T-shirts, uniforms, pieces of flair
• Focus on characteristics you share
• Manage how your team is perceived

The second: Interdependence

• Change the emphasis from “we’ll fail unless we pull together” to “cooperation is the best success strategy”

• Let cooperation be the proxy for interdependence

• Look out for undermining team members
• Look out for “groupthink”
• Make your team exclusive--“select” rather than “assign”

Open your mouth

• Make it as close as possible to the result
• Tell other people about your team’s successes
• Make it in front of the team if at all possible
• Your team hears your praise long after you give it

Set the tone

• Don’t let the praise get diluted by a background level of indifference (or worse)

• Talk to your team, and listen.
• Quick win: Make a list
  – Mark a + by the people you greet regularly
  – Mark a 0 by the people you greet occasionally
  – Mark a – by the people you greet rarely

Enrich their jobs

• This is not “more work to do”
• Think vertical, not horizontal
• Look for opportunities to engage with your organization’s senior leaders
• This is an effective way to challenge and reward high performers
• Increases a sense of mastery

Stand up your meeting

• Quick win: Daily stand up meetings
• Rules of engagement:
  – Mandatory
  – Standing
  – Only discuss today’s work plan
• Benefits:
  – Visibility, accountability, reduced duplication of effort

Marketing is not a department

• Marketing is:
  – Every time your staff answers the phone
  – Every email sent from your team
  – Every invoice you send
  – Every deliverable you generate for a customer

• The sum total of all the things your team does

Cultivate organizational clarity

• A healthy organization knows:
  – Why the organization exists
  – What values are fundamental
  – What business it is in
  – Who its competition is
  – How it is unique
  – What it plans to achieve
  – Who is responsible for what

DRILL DEEPER

Death by Meeting: A Leadership Fable...About Solving the Most Painful Problem in Business, Patrick Lencioni

The Man Who Lied to His Laptop: What Machines Teach Us About Human Relationships, Clifford Nass

Rework, Jason Fried and David Hansson

First, Break All the Rules: What the World's Greatest Managers Do Differently, Marcus Buckingham and Curt W Coffman

Total Workday Control Using Microsoft® Outlook, Michael Linenberger

Thank you!
