Confessions of a Former CISO: Shaming People for Bad Security


My name is Scott King, and I am the Senior Director of Advisory Services at Rapid7. Before that, I was a CISO and have held many different roles in the infosec profession.


Today marks the second episode of “Confessions of a Former CISO,” a video series that highlights some of the mistakes, challenges, and successes I have learned throughout my career, with the hope that others can learn from them as well.


In our second episode, I will share some lessons I learned the hard way about shaming others who do not take security seriously enough. Please watch the video below, or read on for a recap of what was covered.



On being the instigator of shaming


I’m not proud of it, but earlier in my career, I was the instigator of shaming someone who, in my view, wasn’t taking security seriously enough. What I realized, though, was that their goals were simply different from mine, driven in part by management that wasn’t on the same page in terms of setting the right tone for the organization. I also realized that my own lack of understanding of, and empathy for, their role and responsibilities played a part in my actions.


What I learned from this was that as security professionals, it’s our responsibility to bring people together to inform risk-based decision-making. People often view security as the naysayers who come in and embed unnecessary rigidity, but what I’ve learned is that security is really about bringing everyone together to enable good business. In other words, security isn’t all about doing security.


This was one of the biggest realizations for me in my car ..
