Security Bloggers Network 
SBN

Security Catalyst Office Hours Recap for March 26, 2021

by Michael Santarcangelo on April 1, 2021

We welcomed fresh faces and old friends to the twelfth office hours of 2021. I shared good news about getting back to writing, and then we dove in with an exciting conversation series of ideas and insights around: 

Making the investment to train your colleagues

Shared a success that proposal to fund and offer self-paced online training was approved and already adopted. Explored the opportunity to make yourself accessible as the person (or team) who can help with context, explanations, and applications.

Asked: Is there a role for learning, connecting, and improving?

The sort of role that moves laterally and vertically within the organization to “glue” things together – to offer stewardship. We explored how sometimes this is a Chief of Staff position, CTO, COO, Architect, Program or Project Manager and even a business-housed technologist. 

Follow-up: is this a formal role or an informal aspect of many roles?

Organizations invest in someone to “whip” or fix challenges… Is this the role of leaders? The challenge remains the likely blind spots on teams, within teams, and across the organization. Who looks for those?

Worth noting: The dichotomy of asking “why” 

The more we ask “why” things happen, the more we learn. Sometimes asking “why” scares people, because they don’t know. Or because “if you find it, you fix it.” For some folks and organizations, it’s easier to NOT KNOW than to uncover problems you have to deal with — especially when you’re already exhausted and overwhelmed. 

What is the value of improving stewardship?

Visibility + ground truth — the things leaders don’t always see, with the expressed intention of exploring what is also sometimes kept out of view. What about spotting opportunities for collaboration? Or actively looking for ways to help each other to avoid reinventing the wheel (which slows things down). 

How do you make the case to build the role?

  • Look at the appetite for risk in the organization (not just cyber risk, but the overall tolerance for risk)
  • Focus on the need for and benefits of improved visibility 
  • Consider the benefit of moving faster (velocity) with less friction – speeding the path to value
  • Spawn a project to get a better understanding and offer to measure the risk
  • In this project, look to show the value of periodically or continually looking for this sort of improvement (it goes by many names)

Is it worth doing anyway? Even without a formal role?

What is the value to you, to the organization, if you take this on as collateral duty? Can you use that to build a role? This ties into our need to improve our ability to sell (serve, not sell) and build a personal brand to increase KLT (know, like, and trust). 

Do I suck at being led?

What the organization says does not match what they do. What happens when my vision doesn’t match the vision of the organization? Leaders are followers… so this creates a natural tension. 

“We judge others by their actions while asking them to judge us by our intentions.” 

Consider joining us next Friday at Noon Eastern… 

BRING YOUR PROBLEMS TO ME

And we’ll solve them together

https://Securitycatalyst.com/officehours

*** This is a Security Bloggers Network syndicated blog from Security Catalyst authored by Michael Santarcangelo. Read the original post at: https://securitycatalyst.com/security-catalyst-office-hours-recap-for-march-26-2021/

Michael Santarcangelo ,