3:25 PM -- I recently took a class from our HR department on Stephen Covey's "Seven Habits of Highly Effective People," which started me wondering about the habits of highly effective security people.
At first pass, several of Covey's habits line up perfectly with what I would consider habits for top security pros, such as "Be proactive" and "Begin with the end in mind." Here's a look at four of what I consider to be the most important matches between Covey's book and your security team.
- "Beginning with the end in mind" is one that seems to bite security pros often. For some, the "end" is something idyllic, like having a secure environment that doesn't prevent the everyday efficiency of the user. This "end" is often lost when security pros get stuck fighting fires and forget to look at how their actions affect everyone else in their organization.
- "Think win-win" is one of the biggest gotchas. Security is the balance between functionality and productivity. It can be difficult to fully secure the environment without having a major impact on user productivity. With win-win in mind, security pros should work toward building secure systems, while making sure users can do their jobs effectively.
- "Seek first to understand, then to be understood" falls in line with the last statement. Seek to understand the needs of the users, then work to have them understand the needs of having a secure environment. "Awareness" programs should include feedback from users.
- "Sharpening the saw" is my favorite habit. It focuses on finding a balance between work and play. I think the most effective security people are those who've found that balance and realized that work and play are often the same. I'm lucky to be one of those individuals who enjoy my job to the point that sometimes it seems like play. This weekend, I met with a coworker at a coffee shop just after midnight and we worked on a reverse engineering challenge until 4:30 in the morning. It didn't seem like work.
Take a look at Covey's habits and see how they work for you in your security organization. I think you'll find several parallels that could help you as you strive to be a better security professional.
John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading