A very personally opinionated piece on how the average security day job differs from a more general norm and how that can become a death knell for non-reactive management and innovation.
In any job of almost any kind there will be people who take their work home (literally and mentally) and those that clock off and forget it. The balance of former to latter goes up as you climb the corporate ladder, possibly levelling out then going down in the really rarified heights of majority-shareholding nearing-retirement executive board members. Curve (a) –ish.
Conversely, in any team of say 10 security professionals I reckon 6-8 are doing more ‘discretionary’ hours than an average Joe could be coaxed into with either a giant stick or a monster carrot (reminds me of an alternative awareness campaign that was proposed in Oslo, but what happened in Norway, stays in Norway). So if mapped, I reckon it would look far more like the profile of a runaway truck – pretty high at the start, with a long plateau, then a cliff-like drop at the end.
Why does the passion plummet?
A surprisingly large other subset will do it because they genuinely care whether or not your network is secure. It really is personal for most, both from a pride and integrity point of view. Even those who might not be as personally motivated often put in shedloads of extra hours, usually out of loyalty to the team. Because of the high percentage of pros who genuinely love what they do, there’s frequently great camaraderie and mutual support on offer.
It takes some seriously prolonged effort to crush those urges. Perhaps you’ll manage it with redundancy round three, after which the survivors pick up the work of lost ‘surplus’ colleagues…3 FTE worth of stuff to do instead of the 1.75 or 2 they managed before.
Or maybe it’ll come after the fourth lot of expensive consultants tell them to do what they’ve been recommending for years (or something flying squarely in the face of what they know are your top security priorities). Adding insult to injury by invoicing an amount equivalent to an annual salary for a pricey plan, for an almost impossible-to-resource masterplan…given what was spent on the planning.
There’s long been a space between snack-size reviews, vendors’ own write-ups and sponsored ads around IT and security solutions. Limor wanted to fill that with real user experience and debate and Peerlyst was born. It’s doing a good job with that and a lot more.
In an era when IPOed Twitter is shaping content to meet the facile user count demands of investors, LinkedIn is full of “10 ways to succeed according to a bloke with an opinion” and Facebook is full of kids and cats (including mine, so not judging), it’s a refreshing change.
Perhaps take a look.