|
| Recent
Articles |
CIOs Don't Feel The Love
When it comes to expectations, CIO's and IT Managers are not feeling the "love" from their managers. "Nearly six-in-ten CEOs say they are satisfied or very atisfied...
When The Paranoia Meter Pops
Bad security days happen, when the paranoia meter pegs and there is no substantiating facts behind it, some days it's bad to be a paid paranoiac. The day might start...
Thoughts On ITIL
Interesting, skeptical take on ITIL, by a person (Noel Bruton) with some apparent long term presence in the industry. He claims that there are four schools of thought with respect to configuration management: Those...
Information Security - A People Problem
Interesting article out on outlaw about how information security is a people problem, which is something that we all probably really do know, even if we won't really...
What Are Our Co-workers Doing On The Net?
8e6 has a report here that should provide all of us in security an amusing insight into what our co-workers are doing on the internet. Apparently, they ran a contest to see who had the most egregious uses of the...
Vista To Be More Generous Than Santa
Once Microsoft Vista gets into the marketplace, it will benefit the economy and drive job creation in the tech industry; no word on whether it will whiten teeth...
Rules For Great IT Project Success
Project delivery makes IT organizations credible. When IT "gets it right" at the project level, its ability to impact the financial results of a company increases and its...
|
|
|
04.02.07
Information Security Creativity
 By Dan Morrill
1. There has to be creativity in information security - without it we keep on doing the same things over and over again, regardless of the outcome, or the technology that we are working with.
2. Information Security is different with different requirements depending on the industry that the practitioner is in, each one requires its own solutions to be successful.
3. There is nothing fundamentally wrong with a standard, as long as that standard is industry specific
4. Certificates in information security are generally useless on the practical side, but excellent on the HR weeding out process
5. Ethics IS important; no one can afford an ethically deficient person in the IT Field (any subset of the industry)
All of these lead to a round about conclusion that we need the following to make things happen in a good way in any
organization:
1. Hire for technical ability, creativity, and socialization skills. I am well aware that this will cause problems in the ability to find these people, they are rare
2. In the interview ask "how would you solve this problem" and see what their responses are, is it purely technical, is it part technical part social, does the solution make sense to the company, how well do they communicate the solution?
Know what your company culture is like, find a good match. Find good creative, socialized, normalized people who will function well within the organization. Really these seem to be fundamental rules that will work well in any organization because they are not organization or industry type specific.
Rather then, it would seem that the requirements for making the right decision to hire in the right person for the job requires that management and fellow co-workers take a cold hard look at the person, and the absolute requirements for the job to be filled now or can it wait. Usually the hire can wait on the right person, but in terms of cost, it is better to go through a series of interviews to make sure rather than make a bad judgment call. It all boils down to the concept of which is more expensive in the longer run, a bad hire which causes problems in the group/team/organization or the cost of interviewing. Personally I would think that the cost of the bad hire is more expensive in the longer run in terms of medical issues, socialization issues, work completion issues, reputational issues and other complex issues within the organization.
All of these responses require that people be creative and understanding with a high EQ (Emotional Quotient, or emotional/empathy index). It requires that the creativity to solve the problems of IT or information security requires on the part of at least one member of the team being able to see the problem for what it is, have the authority and ability to think of a suitable solution that minimizes risk, work within the best interests of the company, then socialize and sell the idea to not just IT, but management, sales/marketing or other involved sections of the organization. I know of maybe a handful of IT people that could do this. However, this is also becoming important to companies, as I believe they have seen the same things over and over again over the last 15 or so years. There is a place for people who can not socialize or communicate well, but those roles are becoming less and less over time, where highly socialized roles are becoming more important.
Managers and fellow co-workers have a hard road ahead of them, with the current inability to graduate the right people, shifting requirements in IT, technology and support systems for the company, makes me wonder if we will ever really be able to accomplish this change in IT culture. I know people are doing it, but it will be dependent upon finding the right people at the right time to do the right thing. That in its own right will make the next 20 years of IT all the more challenging.
Comments
About
the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
|
