Building Tomorrow's Security Leaders
Transcript of Building Tomorrow's Security Leaders
intelligent information security ANITIAN
BUILDING TOMORROW’S SECURITY LEADERS
MEET THE SPEAKER – ANDREW PLATO
• President / CEO of Anitian
• 20 years of experience in IT & security
• Completed thousands of security assessments & projects
• Discovered SQL injection in 1995
• Helped develop first in-line IPS engine (BlackICE)
• Co-developed RiskNow™ - Rapid Risk Assessment approach
• Championed movement toward practical, pragmatic information security solutions
ANITIAN
• We enlighten, protect and empower great security leaders.
• We believe security will make the world a better place.
• Security intelligence services:
  • Compliance (PCI, HIPAA, NERC, etc.)
  • Risk assessment
  • Penetration testing
  • Incident response
  • Security integration
  • Managed threat intelligence
OVERVIEW
Intent
• Discuss the importance of leadership on organizational security
• Define the qualities of a great security leader
Outline
1. The Security Leadership Challenge
2. Foundation of Trust
3. Qualities of Great Leaders
SECURITY LEADERSHIP CHALLENGE
Logic clearly dictates that the needs of the many, outweigh the needs of the few…or the one.
- Spock, Star Trek II, The Wrath of Khan
I just want to do the right things
Please care about security…
…but don’t care about security
SCHIZOID SECURITY
MOST DANGEROUS THREAT TO A BUSINESS
PEOPLE
INDIGNATION IS NOT INSPIRING
The Very Important Corporation possesses information that is sensitive and valuable, e.g., personally identifiable information, financial data, building plans, research, and other information considered sensitive. Some information is protected by federal and state laws or contractual obligations that prohibit its unauthorized use or disclosure. The exposure of sensitive information to unauthorized individuals could cause irreparable harm to the Very Big and Extremely Important Company or its board members, and could also subject the Company to fines or other government sanctions. Additionally, if Company information were tampered with or made unavailable, it could impair the Company’s ability to make wads of cash. The Oh So Massively Huge and Phenomenally Important Company therefore requires all employees to diligently protect information as appropriate for its sensitivity level.
COMPLIANCE ROCKS!
The Golden Circle
Simon Sinek: www.startwithwhy.com
SECURITY LEADERSHIP MUST EVOLVE
• Programs that empower
• Audits that fuel growth and improvement
• Controls that truly protect
• Policies with vision
• Shared values
• High-value, high-trust relationships
PEOPLE NEED PURPOSE
• Engaged employees are more likely to:
  • Take responsibility
  • Be accountable
  • Focus on results over effort
  • Keep commitments
  • Do the right things
  • Protect and care about the business
  • Grow and mature
• We need people with a stake in the business
A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves.
- Lao Tzu
VIRTUOUS CYCLE OF ENGAGED EMPLOYEES
Engaged Employees
Informed Decision Making
Better Practices
Effective Controls
Authentic Care
Innovation, Growth, Prosperity
Great Leader
FOUNDATION OF TRUST
HIGH-TRUST ENVIRONMENT
• Trust is the fuel, energy, currency, and foundation of security leadership
• Trust is the bedrock of security and leadership
• Trust can polarize
1. COMMUNICATE CLEARLY
DO
• Always be honest
• Use simple, direct language
• Say it like it is
• Start with why
DO NOT
• Lie, deceive
• Ignore issues
• Manipulate through deception
2. BE TRANSPARENT
DO
• Share openly, be authentic
• Declare your intent
• Admit your mistakes, solicit feedback
• Be honest about why you cannot be open sometimes
DO NOT
• Hide, cover up information
• All talk, no action
• Hoard information
3. CONFRONT HARD TRUTHS
DO
• Acknowledge weaknesses
• Solicit feedback
• Conduct rigorous tests and audits
• Share results openly
• Make everybody aware of the problems
DO NOT
• Hide weaknesses
• Cover up problems
• Conduct meaningless check-box type tests
4. RIGHT WRONGS
DO
• Fix the problem
• Apologize quickly and make restitution
• Be humble, respect differences
DO NOT
• Blame others
• Avoid problems
5. COMMIT
DO
• Only make commitments you can keep
• Make things happen, deliver real, tangible results
• Terminate people who cannot deliver results
DO NOT
• Make commitments you cannot keep
• Deliver activity or busywork
• Keep underperforming employees, they are toxic
6. BE AGILE
DO
• Constantly grow, improve, and mature
• Push people outside of their comfort zones
• Make change the normal
• Cross-train
• Be conspicuously appreciative of feedback
DO NOT
• Retain broken procedures and practices
• Inflexible
• Focus on comfort
• Criticize improvement
7. CLARIFY EXPECTATIONS & VISION
DO
• Establish clear expectations
• Have a clear vision for success
• Revalidate expectations & vision regularly
• Re-clarify, re-re-clarify, re-re-re-clarify if necessary
DO NOT
• Assume people know what the right thing is
• No planning, vision, or direction
• Be indecisive
8. LISTEN
DO
• Spend more than 50% of any conversation listening
• Intentionally slow down
• Analyze, ponder, and reflect
• Validate what has been said
• Ask why
DO NOT
• Dominate the conversation
• Cut people off
• Tell how
9. TRUST BUT VERIFY
DO
• Trust freely those who have earned it
• Trust conditionally those who are earning it
• Verify trusting behavior
• Require trust from others
DO NOT
• Trust those who behave in untrustworthy ways
• Trust based on what people say
10. BE LOYAL
DO
• Openly give credit to others
• Speak as if they are present
• Stand behind your people
DO NOT
• Take credit
• Badmouth
• Throw them under the bus
QUALITIES OF GREAT SECURITY LEADERS
TRUSTWORTHY
ABRAHAM LINCOLN
ANALYTICAL
NIKOLA TESLA
VISIONARY
STEVE JOBS
INSPIRATIONAL
VINCE LOMBARDI
INCLUSIVE
DR. MARTIN LUTHER KING JR.
HUMBLE
MAHATMA GANDHI
FEARLESS
AUNG SAN SUU KYI
I do the right things...
…always
Final Thoughts
• This is not weak leadership
• Not everybody can handle it
• Long term effort
• Benefits are lasting and profound
• Must put your attitude and ego in check
It's a far, far better thing I do than I have ever done before. A far better resting place that I go to than I have ever known.
EMAIL: [email protected]
LINKEDIN: www.linkedin.com/in/andrewplato/
TWITTER: @andrewplato @AnitianSecurity
WEB: www.anitian.com
BLOG: blog.anitian.com
SLIDES: bit.ly/anitian
CALL: 888-ANITIAN
THANK YOU