In the Army, we see the basic fundamental skills being tested on missions and operations. From jumping out of a C-130 to performing sub submersion, operators’ basic skills are always being tested.
This goes for IT professionals in any security setting, as well. Your basic skill sets will be tested every day. I have seen junior support staff trying to stump and check senior-level staff and even CISOs on information security best practices. Many may take this as being disrespectful; however, in teams, groups, and special operations, you will see this happen a lot. With all the alpha personalities in the team mixed with smart people, do not be surprised when (not if) you get checked.
It is important not to forget the basic fundamental skills such as command lines, an understanding of networking, programming, and, overall, how that translates to having security in the line of business. We have seen many in executive management get lost in office politics and lose sight of the skills that got them there in the first place. This leaves the Sr. Management, VPs of Compliance, and executives open to being “checked” by a junior staff member and made to look like a fool.
This can really affect the image of Sr. Management, VPs of Compliance, and executives with regard to how well they really understand what is going on. I have overheard conversations at the water-cooler suggesting that junior staff knows more than the management. This sets the wrong tone. Fortunately, it’s preventable with a simple understanding of basic IT and how it works in security.
It is recommended that Sr. Management, VPs of Compliance, and executives have a fundamental understanding of their line of business and the skills that are needed to fulfill their duties. If not, these personnel will be quickly overshadowed by the worker ...
This is a Security Bloggers Network syndicated blog post authored by Tripwire Guest Authors. Read the original post at: The State of Security