Join Mike Chapple for an in-depth discussion in this video, "What do you do when conflicts exist and leaders want to push ahead?", part of Insights from a Cybersecurity Professional.
- The security professionals often find themselves in the situation where functional leaders or business leaders are trying to do something that really just isn't in the organization's best interest from a security perspective. I think the most important thing that security professionals can do in a situation like that is make sure that they're not perceived as Dr. No. It's very easy for security professionals to get that reputation and become the land of no. And that's the quickest path for security to become pigeonholed in the corner and not listened to.
So, what a security professional really should do, when they find themselves in a situation like that, where somebody's trying to do something that just isn't in the best interest of the organization, is sit down and explain to the person what the situation is and how it could jeopardize security. And then, do things that help them be perceived as the helpers, the facilitators, the people who say yes. Offer an alternative. If somebody's trying to transfer information and they want to do it using an insecure protocol, help them to set up an encrypted connection, help them figure out how they can meet whatever their business objective is without jeopardizing security.
Then, the other thing is, if you wind up in a situation where you just can't find an alternative, just be patient and make sure that you explain to someone what the risks involved are. Remember, security is all about risk and risk management, and in some cases, business leaders may choose to make a decision and take action that goes against the recommendation of security professionals, but that's their prerogative, they're the ones making that decision. It's the security professional's responsibility to make sure that they're making an informed decision from a risk perspective.
- How does one break into the cybersecurity field?
- What are the various career tracks?
- How do organizations prevent a security breach?
- What are the compliance issues?
- Who is responsible for security in the cloud?
- How does IT security impact other business divisions?
These are the kinds of insights that can help you explore a new career, focus on a course of study, or even prepare for an interview.