In such a business-centric environment, what then should be my real role in securing the program?
Step 1. Stick to the plan. It's my responsibility that the program sticks to its charter, vision, and mission. The program should either stay true to its original intent or, if modified, have a clear definition and still fit with the vision. If there is no plan, get one done. Scope what you are actually trying to accomplish as a program, not as an individual.
Step 2. Assess the risk. Business leads don't always know what's coming or what's lying in wait for them. It's our job to ferret out any snakes and alert our leadership to them. This may not make us the most popular people, but letting something slide that ends up damaging a program can be career-ending on your part.
Step 3. Make others aware. Put on your professor cap and start to share all that meaty knowledge you have up there about security and the precautions a program office must take. Destroy the myth that a Security Engineer is the guy you hire to make sure your IDS is turned on, or who hacks into your network and makes you look bad... we do other things besides that. ;)
As a consultant I can often get caught up in the day-to-day. Programs are short-handed, so it can be very easy to get too involved and forget who you are as a Security Engineer. It is best to step back and ask whether your skills are being fully utilized. Prepare a paper or presentation on one change you would recommend. If you have more than one idea, save the others for later; concentrate on one idea before presenting a new one. Coming out with new ideas or questions shows consistency, so if you don't get your leadership's attention the first time, you may just get one past the goalie on another go.