| Be an Enabler
The hackers are constantly innovating. Why aren't you?
If you want to be successful in your position you may need to adjust your way of thinking when it comes to security. You need to be an enabler not a gatekeeper.
Security has traditionally been a game of block and tackle defending against outside attacks. Today, however, security needs to protect but also enable a business to thrive and grow.
To do this, you need to bolster some skills. You're going to need to be able to communicate (and not rely on acronyms and technology) and you're going to need to be a risk-taker (and I'm not talking about the risk framework kind).
You've got to embrace change and technology, and this may smack against everything you're used to or comfortable with. Remember, business innovation is not another threat but rather an exciting opportunity for you.
Take technology. Web 2.0, social networking, BlackBerries, iPhones, USB drives--they should be your friends, not the bane of your existence. Why? Because these technologies have the potential to allow organizations to increase efficiencies, and become more nimble and productive. And let's face it, the newly minted college grads just starting at your company view these tools as a way of life--as common as electricity.
How about the next technology medium that could affect your organization? How much do you know about it and how can you effectively secure it? Prohibiting the use of new technology is the easy way out. Instead, figure out how to make it work in your organization. By making newer technology safe, you become part of the business process.
And forget about your own problems for a moment. Think about the challenges your boss or your boss' boss is grappling with. Can he or she understand technology trends that may be coming? On the other hand, do you grasp the challenges within your organization or your particular business sector? Think big picture. Getting one step ahead can bolster your career. Which brings me to the second vital skill: communication.
In my travels I have talked to many security pros who have said that one of their biggest challenges is accurately communicating risk to upper management. An important part of communication is actually listening first. Seek out others in your organization. Get out of your silo. Ask them questions about their problems. Listen. Become a trusted adviser.
If you have the opportunity to pitch something to upper management, test it out on these various departments. Are you missing something? Another department may have questions or a perspective that you didn't know about or think about. Make sure you've addressed as many of these concerns as possible before going into your meeting. You've got a limited amount of time to make a good impression and get your point across. The more you can talk to the general business, the better off you will be. And good luck.