By understanding what makes a great security practitioner, organizations can learn how to recruit and retain effective security practitioners.
In my previous column, I discussed how security professionals can recognize the warning signs and spot ineffective security practitioners. In response to my column, an interesting dialogue on social media ensued, with extremely poignant insights from a few effective security practitioners. Engagement and dialogue are, in and of themselves, a great outcome in response to a piece of writing. In addition to that, there was also a request to write from the opposite perspective – what makes an effective security practitioner.
I thought that was a great suggestion. So, as requested, here are my thoughts on seven traits that effective security practitioners exhibit:
● Selfless: The best security practitioners aren’t worried about themselves, their careers, what people will think of them, or what is and is not in their job description. Instead, they look out for team members and do what is best for the security organization and the enterprise. This behavior does not go unnoticed – the good security professionals I know see and appreciate it. The result is that what is best for the team is also generally best for the individual.
● Good listener: As far as I am aware, the human brain is not capable of speaking and listening at the same time. As a result, people who speak a lot and/or dominate in a spoken forum often have a listening deficit. Great security practitioners listen more than they speak. This allows them to truly understand the issues and challenges at hand, process them, analyze them, and then offer insightful and helpful suggestions and ways forward.
● Introspective: The author Bertrand Russell wrote in 1933 that “The fundamental cause of the trouble is that in the modern world the stupid are cocksure while the intelligent are full of doubt.” The most talented security professionals I’ve worked with over the course of my career were incredibly introspective. They were always analyzing and re-analyzing events to understand if they could have handled them better, behaved differently, or led the efforts in a different direction. The result is a near constant course correction that leads them in a better direction security-wise.
● Credits others: Some people take credit for everything that goes right and blame others for everything that goes wrong. Not an effective security practitioner. They take the blame when mistakes are made and work to rectify those mistakes and improve the state of affairs. When things go well, those same practitioners give all of the credit to the team. As you can imagine, this builds confidence in and loyalty among other security practitioners. That, in turn, motivates them such that they produce higher quality work.
● Collaborative: Improving the security posture of the organization and elevating the level of the security team as a whole both require working collaboratively within the team and with the business, executives, and other stakeholders. This is where the best practitioners excel – building bridges, relationships, and trust across organizational boundaries. This benefits the enterprise as a whole and makes the state of security within the enterprise much stronger.
● Communicative: Whereas weaker and more ineffective contributors seek to control the narrative and the flow of information, stronger and more effective contributors do not. When a security professional is operating above board, they need not fear openness, transparency, and straightforwardness. As a result, the top professionals are often quite communicative. This makes it easy to understand where they are, where they are going, and what the plan is to get there. As you can imagine, this openness, coupled with a receptiveness to feedback and an ability to make adjustments around the direction, makes for a much better security state overall.
● Delivers: Talk is cheap. Actions speak louder than words. At the end of the day, no matter what has been said, promised, or touted, for a security practitioner to be effective, they need to deliver results. Actual results, that is, and not fluff. The discerning, trained, and experienced eye will be able to tell the difference quite quickly. The most effective security practitioners deliver quality results consistently. Other talented and effective practitioners will stand up and take notice of this.
Not surprisingly, great security organizations are made up of great security practitioners. By understanding what makes a great security practitioner, organizations can learn how to recruit and retain effective security practitioners. This will allow them to maximize effective practitioners on the security team while minimizing ineffective ones. This, in turn, is an important tool for overall team success and an improved security posture.