Post on 23-Jan-2016
Why Do Security Professionals Fail? And a Career Case Study on How to Succeed
IT Leaders Academy, Sofia, Bulgaria
14 March 2012
Dan Lohrmann
Michigan Chief Security Officer
Today’s Focus
Thanks for inviting me to join you today to talk about Michigan technology
and security careers . . .
•Who we are and what we do
•Challenges and opportunities
•How I got here from where you are
•What you can do
Who is DTMB?
Michigan Department of Technology, Management & Budget
Consolidated business services organization
• Technology – Centralized IT structure for State agencies
• Management – Centralized management of State facilities
• Budget – Centralized management of State budgetary functions
DTMB Cyber Security and Infrastructure Protection
Consolidated cyber and physical security functions
• Office of Michigan Cyber Security
• Office of Infrastructure Protection
Michigan’s Current IT Landscape
• 17 agencies
• 48,000+ state employees
• IT support provided for:
  • 800+ critical business applications
  • Over 56,000 desktops
  • Over 1,300 telecom locations
What IT Services Do We Provide?
Whenever a citizen . . .
• Files an income tax return
• Pays or receives child support
• Wins the lottery
• Compares schools
• Starts a business
• Applies for a driver’s license
…or gets pulled over by a trooper
. . . we’re there.
Security Challenge and Opportunity
Michigan blocks 187,000 cyber attacks against the State daily!
Pain Point: Securely enabling new solutions in the new mobile and social world
Where I Started
Off to Washington
Continuing Education
Moving to England
Staying Put in England
Michigan Opportunity
Michigan State Government
CIO – Michigan Department of Management & Budget
Senior Technology Engineer – e-Michigan Portal
Chief Information Security Officer
Chief Technology Officer
Chief Security Officer
Career Highlights: Writing
Career Highlights: Speaking
What You Can Do
You’ve already started . . . you’re HERE!!
• Technology careers don’t have to be boring
  Let me tell you about Joel . . .
• Gain experience
  Let me tell you about Mike . . .
• Don’t set yourself up for failure
  Let me tell you how to build “soft” skills …
What Causes Security Pros To Fail In Their Careers?
Pain Points:
•The standard security check list isn’t enough
•Seven surprising problems can sabotage your career success
•Tough solutions that work
What got you in the room…
Traditional views of successful security staff
College degree
…or degrees
CISSP
…or CISM and other certifications
Attendance at security conferences
Executive level buy-in
Even with all the boxes checked, security professionals still fail. Why?
Problem #1
Security Professionals are Known as Disablers
Consider cloud computing. The security world calls it a bad idea, while industry is rushing to it.
The solution…
Be Known as an Enabler
• Stop saying “no”
• Make it happen…
  • On time
  • On budget
  • And with the right security
Problem #2
Security Professionals Don’t Offer Alternative Solutions
The “one size shoe fits all” approach just doesn’t cut it.
The solution…
Use the Gold, Silver, Bronze Approach
Your challenge is to offer options, if possible. Best practice solutions may be too expensive.
Give them the full scope of each option: cost, functionality and risk.
Problem #3
Not Enough Humble Pie
Typical Attitude… Proud, Confident and Always Right
Believe it or not, the business side of operations has other priorities beyond security.
The solution…
Humility with Professional Excellence
Face it… you have some blind spots.
• What works today may not work tomorrow. Be careful what you promise.
• Treat others as you would have them treat you.
• Get different perspectives.
• Understand changes in industry and in your situation.
Problem #4
You Think the Customer is Clueless
The great divide between security and business is one big elephant in the room. And you’re partly to blame…
The solution…
Improve Customer Relations
Separate people from the issues
Don’t write off people. Without good relationships in place, you may win some battles, but you will lose the war.
TIP: Get to know the business side of things. Build trust.
Problem #5
Inside Hackers Undervalue Ethics and Accountability
Do you steal files but call it downloading? Do you bend the rules with acceptable use policies?
Look in the mirror. Are you an insider threat?
The solution…
Seek Accountability, Find a Mentor, Practice Virtual Integrity
Time for some soul searching. The more you grow in your career, the more you should seek out someone who can hold you accountable.
A Word About Integrity
What Does Dan Have to Lose?
You could even sacrifice your future…
Problem #6
Dealing with Burnout
Cyber attacks seem to come in waves, and when it rains, it pours. But it’s the daily grind of working long hours and weekends that really causes burnout.
The solution…
Perseverance and Balance
• Anticipate stress and prepare
• Look for warning signs
• Separate and reflect
• Think of your career as a marathon
  • Have a strategy
  • Be willing to adjust, if necessary
  • Stick with it!
Problem #7
Too Much Inside the Box Thinking
Being the best at what you do (inside your box) can become a liability if everyone else in your business thinks of you only in those terms.
It will limit your personal and organizational effectiveness and undermine security.
The solution…
Be a Leader – Move Beyond Your Position Description
• First and foremost: Respect the box
• Raise your hand and volunteer
• Generate ideas
• When an idea fails, try again
• Think outside your organization
• Join external groups
• Build teamwork skills
• Be the “go to” person for answers
• Share knowledge
Quick Recap

| # | Problem | Solution |
|---|---------|----------|
| 1 | People see you as a disabler. | Be known as an enabler. Stop saying “no”; make things happen. |
| 2 | Not enough alternative solutions. | Gold, silver, bronze approach to mitigating risk. |
| 3 | Not enough humble pie. | Genuine humility with professional excellence. Understand change. |
| 4 | The customer is clueless – Not! | Improve relationships. Separate people from the issues. Build trust. |
| 5 | Are you an insider threat? | Value ethics and accountability. Practice virtual integrity; find a mentor. |
| 6 | Are you burned out yet? | Perseverance and work/life balance. |
| 7 | Perspective stuck “in a box.” | Move beyond your position description. Build teamwork skills. Enlarge network in industry. |
Final Thought…
What gets you a job isn’t enough for a career. To be successful, you need to look in the mirror and recognize that the biggest hurdle is you.
Step back, be honest with yourself, and start your journey.
More Information:
Dan Lohrmann
Chief Security Officer (CSO)
State of Michigan – USA
For more on this topic, Dan’s Professional Blogs:
http://blogs.csoonline.com/blog/lohrmann-on-govspace - or -
http://www.govtech.com/authors/MT-Author-GT-Dan-Lohrmann.html
Questions?
Daniel J. Lohrmann, Michigan Chief Security Officer
Deputy Director, Michigan Department of Technology, Management & Budget