
Why Do Security Professionals Fail? And a Career Case Study on How to Succeed

IT Leaders Academy, Sofia, Bulgaria, 14 March 2012. Dan Lohrmann, Michigan Chief Security Officer. Today’s Focus. Thanks for inviting me to join you today to talk about Michigan technology


Presentation Transcript


  1. Why Do Security Professionals Fail? And a Career Case Study on How to Succeed IT Leaders Academy, Sofia, Bulgaria 14 March 2012 Dan Lohrmann Michigan Chief Security Officer

  2. Today’s Focus Thanks for inviting me to join you today to talk about Michigan technology and security careers . . . • Who we are and what we do • Challenges and opportunities • How I got here from where you are • What you can do

  3. Who is DTMB? Michigan Department of Technology, Management & Budget Consolidated business services organization • Technology – Centralized IT structure for State agencies • Management – Centralized management of State facilities • Budget – Centralized management of State budgetary functions DTMB Cyber Security and Infrastructure Protection Consolidated cyber and physical security functions • Office of Michigan Cyber Security • Office of Infrastructure Protection

  4. Michigan’s Current IT Landscape • 17 agencies • 48,000+ state employees • IT support provided for: • 800+ critical business applications • Over 56,000 desktops • Over 1,300 telecom locations

  5. What IT Services Do We Provide? Whenever a citizen . . . • Files an income tax return • Pays or receives child support • Wins the lottery • Compares schools • Starts a business • Applies for a driver’s license …or gets pulled over by a trooper . . . we’re there.

  6. Security Challenge and Opportunity Michigan blocks 187,000 cyber attacks against the State daily! Pain Point: Securely enabling new solutions in the new mobile and social world

  7. Where I Started

  8. Off to Washington

  9. Continuing Education

  10. Moving to England

  11. Staying Put in England

  12. Michigan Opportunity

  13. Michigan State Government CIO – Michigan Department of Management & Budget Senior Technology Engineer – e-Michigan Portal Chief Information Security Officer Chief Technology Officer Chief Security Officer

  14. Career Highlights: Writing

  15. Career Highlights: Speaking

  16. What You Can Do You’ve already started . . . you’re HERE!! • Technology careers don’t have to be boring • Let me tell you about Joel . . . • Gain experience • Let me tell you about Mike . . . • Don’t set yourself up for failure • Let me tell you how to build “soft” skills …

  17. What Causes Security Pros To Fail In Their Careers? Pain Points: • The standard security check list isn’t enough • Seven surprising problems can sabotage your career success • Tough solutions that work

  18. What got you in the room… Traditional views of successful security staff • College degree • …or degrees • CISSP • …or CISM and other certifications • Attendance at security conferences • Executive level buy-in Even with all the boxes checked, security professionals still fail. Why?

  19. Problem #1 Security Professionals are Known as Disablers Consider cloud computing. The security world calls it a bad idea, while industry is rushing to it.

  20. The solution… Be Known as an Enabler • Stop saying “no” • Make it happen… • On time • On budget • And with the right security

  21. Problem #2 Security Professionals Don’t Offer Alternative Solutions The “one size shoe fits all” approach just doesn’t cut it.

  22. The solution… Use the Gold, Silver, Bronze Approach Your challenge is to offer options, if possible. Best practice solutions may be too expensive. Give them the full scope of each option: cost, functionality and risk.

  23. Problem #3 Not Enough Humble Pie Typical Attitude… Proud, Confident and Always Right Believe it or not, the business side of operations has other priorities beyond security.

  24. The solution… Humility with Professional Excellence Face it… you have some blind spots. • What works today may not work tomorrow. Be careful what you promise. • Treat others as you would have them treat you. • Get different perspectives. • Understand changes in industry and in your situation.

  25. Problem #4 You Think the Customer is Clueless The great divide between security and business is one big elephant in the room. And you’re partly to blame…

  26. The solution… Improve Customer Relations Separate people from the issues Don’t write off people. Without good relationships in place, you may win some battles, but you will lose the war. TIP: Get to know the business side of things. Build trust.

  27. Problem #5 Inside Hackers Undervalue Ethics and Accountability Do you steal files but call it downloading? Do you bend the rules with acceptable use policies? Look in the mirror. Are you an insider threat?

  28. The solution… Seek Accountability, Find a Mentor, Practice Virtual Integrity Time for some soul searching. The more you grow in your career, the more you should seek out someone who can hold you accountable.

  29. A Word About Integrity

  30. What Does Dan Have to Lose? You could even sacrifice your Future…

  31. Problem #6 Dealing with Burnout Cyber attacks seem to come in waves, and when it rains, it pours. But it’s the daily grind of working long hours and weekends that really causes burnout.

  32. The solution… Perseverance and Balance • Anticipate stress and prepare • Look for warning signs • Separate and reflect • Think of your career as a marathon • Have a strategy • Be willing to adjust, if necessary • Stick with it!

  33. Problem #7 Too Much Inside the Box Thinking Being the best at what you do (inside your box) can become a liability if everyone else in your business thinks of you only in those terms. It will limit your personal and organizational effectiveness and undermine security.

  34. The solution… Be a Leader – Move Beyond Your Position Description • First and foremost: Respect the box • Raise your hand and volunteer • Generate ideas • When an idea fails, try again • Think outside your organization • Join external groups • Build teamwork skills • Be the “go to” person for answers • Share knowledge

  35. Quick Recap

  36. Final Thought… What gets you a job isn’t enough for a career. To be successful, you need to look in the mirror and recognize that the biggest hurdle is you. Step back, be honest with yourself, and start your journey.

  37. More Information: Dan Lohrmann, Chief Security Officer (CSO), State of Michigan – USA For more on this topic, Dan’s Professional Blogs: http://blogs.csoonline.com/blog/lohrmann-on-govspace - or - http://www.govtech.com/authors/MT-Author-GT-Dan-Lohrmann.html

  38. Questions? Daniel J. Lohrmann, Michigan Chief Security Officer Deputy Director, Michigan Department of Technology, Management & Budget
