Mon 30 Mar 2009
Leading in difficult times
Posted by andyitguy under Leadership, information security
[3] Comments
It seems that every day there is more bad news of some sort or another that affects the economy, jobs, or some other aspect of our life. Once this all plays out things will look quite a bit different than they do now. Companies that we trusted and relied on will be gone along with the support that they provided for some of our technologies. Sure someone will step in a pick up some of the slack but there will still be a noticeable void in many of these. For some the demise of these companies will have a greater impact because they will lose their job or have their income reduced by quiet a bit due to shortened hours, mandatory furloughs, reduction in wages, etc…
Things will also look differently within your own company, department and team. Even if everyone survives in tact there are probably going to be noticeable changes. Peoples attitudes will change. They will become more suspicious of others and look for ways to jockey themselves into a better position with the boss. They may start keeping detailed notes of everything that happens so they can cover their actions and prove their value. They may develop a bad attitude towards management or the company in general and that will affect how they act. Obviously during this time spending will likely decrease and you will have to make do with what you have. You may have to make things do things that they weren’t intended to do or put in solutions that you wouldn’t put in otherwise.
All of this will have implications on the future of your team and company security. These will also give you a chance to step up and make some real strides towards actually improving the quality of the security program. This will give you a chance to show your leadership skills and potential.
Leadership is what is desperately needed in the information security community. Leadership at the local level and across the globe. I’m not talking about standards bodies or even organizations such as ISC2, ISACA, ISSA. What I am referring to is individuals and small groups who are willing to step up and lead in making changes to how things are done. People who are willing to challenge the status quo and quit following the crowd and adopting “best practices” in every situation. People who are willing to take a hard look at what their company is doing and standing up to those who want to continue doing the minimum and move up to a level of security that actually secures the data and not just meets compliance.
We need to challenge those that we work with to quit just going through the motions. Encourage them to start thinking about problems in different ways instead of applying the same ole fix to a problem. Encourage them to get outside their box and read content that will challenge them. Encourage them to learn the business and work with the users and business units to solve problems instead of saying “no” or applying a solution that meets their basic need but makes their job more difficult.
We need people who have a name and status in the community to speak up and start really challenging the rest of us. Quit spewing out the same ole garb and actually start talking about things that will make a real difference. Quit touting compliance and start talking security. Quit wasting our time with meaningless data and stats and start giving us real action items. I’ve noticed over the past year or so that most everyone is saying the same thing and it’s that same thing that has been told to us for years. Thankfully there are a handful of individuals who are stepping out of the norm and are giving us real things to think about we just need more of them.
The days ahead will require all of us to step up our game or get passed by. Some of those who get passed by are actually people who are some of the best at what they do because they won’t adapt to the changes needed. Some of those who are currently unknown will become some of the global leaders in the future because they do adapt and start leading others locally and building something that will make a difference.
3 Responses to “ Leading in difficult times ”
Trackbacks & Pingbacks:
-
[...] Summit, I had the pleasure of meeting Andy this January in Madrid. He recently wrote a post about leadership during difficult times, a great essay that challenges us to be creative, come up with unique solutions, and adapt to the [...]
Andy,
Great post.
I couldn’t agree more.
Where should Security Pros go to learn more about leadership?
What are your favorite leadership resources?
What do you do when you speak up and challenge the status quo, but no one listens?
Ron W
There are lots of good leadership resources out there. I think you and I share a preference for John Maxwell. He has lots of good resources from books to monthly mentoring CD’s to seminars. The Creative Leadership Institute is also a great place to learn from. In my opinion the best place though is from leaders that you personally know.
As for what to do when no one listens…. just keep right on talking. You do what you can do and encourage others to do the same. They may not listen but they are hearing and watching and some of it will sink in.