A few months ago, I noticed a reoccurring pattern. This was primarily due to the holidays and being exposed to family members that tend to only poke their heads around every few years, but I noticed I was being asked what it is that I do for a living.
The first couple of conversations teetered on the edge of boring and inane as I described in overly complex and technical terms the day-to-day operations of a security professional. I gallantly tip-toed around the every-so-often, “Your aunt said you work in ‘Security’ now. I never thought you’d become a rent-a-cop” statement.
As each interaction went on, I got a bit better at finding out how to take what can be an extremely technical job at times and describe it in a way that made sense to those who do not have the same technical acumen. Looking back, this exercise was extremely valuable as it offered me a chance to get some perspective. It’s not as common, but it still sometimes happens, that I will be in a meeting in which a person in a suit will shift their glasses further up the bridge of their nose and ask while squinting, “What exactly do you do for us?”
This question is loaded heavier than a Big Bertha on its way to Liege. Yet, there will come a time when you find yourself having to answer these types of questions, either internally to middle and upper management, or more importantly to a business leader during a client engagement. Being able to succinctly answer this can be invaluable when you're in a tight spot. I’ve been forced to develop a go-to explanation that I use for my family, and it tends to translate well enough to corporate brains, with a little modulation.
For the most part, the work we do as Security Professionals is most similar to that of a technical, corporate therapist.
This is not to be mistaken for a life coach or leadership morale booster. Our role is aimed at taking a therapeutic and mindful approach to the way that we work with our clients to solve their problems.
Upon initial consultation, our teams, or we individually, will lead intelligent discussions aimed at spurring critical thinking regarding the risks, threats, and vulnerabilities inherent within our client’s Security Program. We ask questions that encourage introspection and rigorous analysis that seeks underlying truths.
From those conversations, we will seek to align the correct solution to the problems our clients face, suggesting, in a holistic manner, a recommended set of policies, procedures, and best practices that can then be enforced via a valid prescription, or in this case, a specific technology-based control system. As our expertise builds rapport, we are able to baseline our clients' needs to help them achieve their goals, and oftentimes take them from a shaky and unstable, perhaps even broken state, to a fully functional and operating Security Program.
This methodology is more than just a trusted advisor relationship. We don’t want to be the girlfriend you come to gossip with about what’s cool and new and trendy. We want to be the professional that you seek when you think there is a problem and are unsure as to what you can do to identify its root cause and then apply a solution. Healthy security operations are effective security operations, and effective security operations are paramount in building digital resiliency.