Security Experts:

How to Spot an Ineffective Security Practitioner

Root out ineffective security practitioners to keep your security teams protected and engaged in a productive manner

I was recently introduced to someone professionally by a mutual contact. We set up an initial phone call to discuss a few things, and it seemed to go very well. After that, while exchanging a few text messages around security topics, all of a sudden, the person began answering very curtly and abruptly. After that, the person stopped answering entirely.

While this interaction was strange, it is not unheard of or unknown. I’m guessing that many of us have experienced something like this, either personally or professionally, in the past. In my experience, this type of behavior is one of a number of different indicators that the person may not be an effective security practitioner. 

Along these lines, I’d like to offer five tips on how to spot the signs of an ineffective security practitioner that can harm your security program:

● Territoriality: Without fail, all of the top security professionals I’ve worked with throughout my career have been team players. They understand that what is best for the individual and what is best for the security team are not necessarily at odds with one another.  In other words, it is possible to advance one’s career while acting entirely in good faith and in the best interest of the security organization. On the other hand, some of the most ineffective security practitioners I’ve worked with have been extremely territorial.  Unfortunately, they often see what the team needs and what would be good for others as contrary to their own interests. As a result, they become extremely territorial, fending off anyone getting a little too close to what they view as theirs.  If you see this type of behavior, it may be a sign that the person exhibiting it is not an effective security practitioner.

[ READSeven Attributes of a Great Security Team ]

● Lack of responsiveness: Ask a question, get an answer. Share a document, get feedback, comments, and input. Request information, receive it.  Or, at least that’s the way it’s supposed to work. In cases where responsiveness is scattered, delayed, evasive, or entirely non-existent, that is a red flag. Often, lack of responsiveness is a sign that the person behind it is withholding information, attempting to control the narrative, and/or trying to hide something. Whatever the reason, it is a sign that this person is bad news.  Certainly not the type of person we want to be working with.

● Inconsistencies: One of my favorite Mark Twain quotes is “If you tell the truth, you don't have to remember anything.” How true that is. When people begin telling different stories to different people, behaving differently towards different groups, and/or sharing different tidbits of information with different audiences, it often catches up to them.  At some point, people may begin to notice that the stories just don’t add up.  Maybe they don’t seem plausible. Maybe they contradict something heard elsewhere or seen in writing.  Maybe they change and evolve over time. Whatever the clue, inconsistencies are an alarming red flag. More often than not, they signal to us that we ought to be very wary of the person they are coming from.

● Politicking: We’ve all come across people who spend more time cozying up to people they feel are important to advancing their agenda than they do actually working.  While some amount of socializing is required in nearly every professional environment, when it gets to the level of excessive politicking, it is a warning sign. True professionals can let their high quality work speak for itself.  For those whose work isn’t quite up to the required level, they often resort to politicking as a means to promote their own interests.  If you observe this type of activity, take it as a hint that the person doing it is likely quite different from the way in which they represent themselves.

● Fast talking: We’ve all met fast talkers in our lives. You know - the people who use lots of big, fancy words, yet when we try and piece together the meaning from those words, we get nowhere. In addition, fast talkers are very often light on actual action. Fast talking is a tell - a sign that the person doing it is full of hot air and not actually up to the task at hand. Be cautious around fast talkers - your security program will be better off for it.

Unfortunately, there are those in the security profession that are not particularly effective as practitioners. That being said, there are signs that can help us spot them, be wary of them, and navigate around them in our respective work environments. This can help us keep our security teams protected and engaged in a productive manner.

RelatedSeven Attributes of a Great Security Team

Related: How Stubbornness Can Harm an Organization's Security Posture

RelatedHow Not to Micromanage Talented Employees

Related: How Self-Doubt Can Keep Your Security Team Sharp

view counter
Joshua Goldfarb (Twitter: @ananalytical) is currently Director of Product Management at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.