Long-term efficiency requires you to do things the right way

As security professionals, a big chunk of our daily work is finding mistakes in the work of others and pointing them out. It’s what we are paid for and what we are supposed to do; however, the whole trouble comes from HOW we transfer the knowledge about identified issues.

We know our things, we too often feel smarter than others and we can’t stand seeing the same bugs happening over and over again. Raise your hand if you’re not tired of OWASP Top 10 bugs showing up in new code even though most of them have been known for over a decade at this point.

The fact that people are uneducated is the origin of many of our social problems and plenty of us are tired of playing it nice.

It takes a lot of passion and anxiety tolerance to stay on the path and continue to be efficient by being effective, i.e. by doing things the right way. You just can’t make security cost-effective if you’re not capable of integrating with coworkers to get stuff done.

It’s easy to destroy relationships and hard to build them back

It’s unbelievably important to do a gut check once in a while, because if you don’t observe your behavior to catch yourself in moments when your ego is way too inflated, someone else is going to spot that for you.

Someone noticing your ego being out of check is a situation that usually happens shortly after you’ve failed at your job. You must have misbehaved in one way or another to make someone spend their energy on reflecting upon your actions.

If you’re lucky, the person whom you’ve failed will be generous and courageous enough to give you honest feedback about your behavior, but that is scarce.

Most of the time people will keep the negative experience to themselves, where it grows bigger as time goes by, and you’ll hear their thoughts only when emotions hit the roof and they’re bitter beyond limits whenever they happen to be around you.

And you may think that it’s not that much of a deal, because if you notice a harsh attitude, then you’ll apologize and by that fix it right away. However, it doesn’t work this way at all. When someone is emotionally invested and already bitter about you, they’re not going to care much about your apologies, because lost trust and credibility are harder to regain than they were to earn in the first place. There is no one to blame for it; it’s just a self-defense mechanism of human beings, and it’s there for a good reason.

This is why you’re the person responsible for your own ego check, because the last thing you want to happen is to have coworkers dislike you. It starts with one person and spreads like a virus, because people love to gossip about negative stuff more than they like to make positivity louder. So make no mistake, because a single coworker having an attitude towards you can make whole departments turn their backs on you.

No place for ego in effective management

Whatever your feelings may be, there is no place for anybody to have long-lasting resentment in a healthy corporate culture.

The unspoken mantra of every healthy organisation should be that we’re all there to do good together instead of aggressively competing against each other and cherry-picking each other’s mistakes — even if they’re truly dumb and basic, but hey, who are you to judge?

First and foremost, make sure you put your ego away and open yourself to listening to suggestions from the people around you.

… Let’s skip the part when we all claim we’re obviously not ego driven, and get back into reality… :)

Ego is an incredibly robust thing, and aiming to get rid of it in its entirety is impossible, so you’re better off trying to learn how to control it.

I love the way Seth Godin contains the war against fear — you can’t eliminate fear completely, because fear is a good evolutionary tool of human beings, so you should aim to master how to dance with fear.

Most of us claim to be listening, but the truth is that knowing how to listen and pull value from it isn’t an easy task that you can enable on demand; it’s more a skill which you need to train, and do so regularly. Just look back, remember yourself from 2 years ago and notice how much — hopefully — you have grown since then. More than once I wanted to bang my head against a wall, unable to believe how naive and silly I was just those few months/years ago.

Appreciate feedback every single time you get some

If someone is giving you some, it’s because they expect you to act upon it. If they didn’t want you to change, they would not spend their time and mental energy on laying it down for you, so pay real attention even when the giver says ‘you know, it’s not all serious, merely a thought’.

“Take it or leave it” advice rarely exists, and that’s especially true in the corporate world.

The major problem is learning how to get people to expose themselves when you’re around and share their thoughts with you, let alone admit that they don’t know something. For some open people spitting words out is trivial, but it’s uncomfortable for the vast majority to ask for help, so anytime someone approaches you, show gratitude and acknowledge that you appreciate that person.

Creating feedback loops can be priceless as long as you take action upon the data you collected from your peers. If someone is criticizing your work, then there is some agenda behind those words, and you should analyse whether the problem is really yours or that person’s.

Especially if you invite someone to share feedback with you, arguing that you want to hear suggestions in order to improve yourself, you must take that conversation seriously, because if your supporters don’t see things changing despite their involvement, they’ll stop wasting their time and won’t treat you seriously the next time you ask them for the same favor.

It’s frightening how often we’re blindfolded by our ego creating such a strong narrative that we treat the voices of others as nonsense and background noise without considering that we may indeed be doing something wrong.

Watch your language and respect your peers

Using aggressive, a.k.a. “too verbosely passionate”, language in emails — which is essentially your form of escapism and dealing with anxiety — to offend and publicly shame people who made a mistake is not helping anybody. While it may be a relief for your grief, it’s negatively contributing to your long-term success at the company.

Humility is one of the most critical qualities a leader must possess. It’s a major dependency for building the trust that can be converted into long-lasting relationships, so don’t be too cocky just because you’ve found someone to be less educated than you in a given matter. They know things from their specialization that you have no clue about.

How would you feel if they offended you when it was you who came asking for help? Can you for a moment stop yourself from acting like a corporate cog and behave like a decent human being who knows how it is to get hurt and be made to feel insecure?

The concept of the workplace went down an odd route and created very artificial and fake micro-societies, but there are very few reasons for you to continue playing that game, and there are plenty of counterarguments for acting in a workplace like you act among your friends, colleagues and other personal acquaintances.

The winning corporations figured out a long time ago that it’s all about making people comfortable with their self-awareness and hunger for growth. You must make sure that people understand and feel that there is nothing wrong with not knowing something as long as they have a willingness and interest in learning, improving and getting better at whatever they’re paid for.

Leadership values and Emotional Intelligence

Social skills are hard for everyone, not just security professionals, and we struggle with them in our daily lives.

In such a niche field as infosec we’ve got plenty of great specialists, researchers, analysts and people who can hack almost anything, but how much attention do we pay to their social skills and how they play with others? How much do we praise leadership in our field? It almost doesn’t exist in the media, and yes, we all know Mitnick to be extremely socially “enabled”, but can you name more Mitnick-alikes with the same ease with which you can enumerate great security researchers? I’ve spent almost half a decade studying security management and leadership and I still don’t know as many great security leaders capable of creating robust security programmes as I know famous people working in appsec. Not even close.

Technical work is exciting and tempting, technical skills are in great demand and people get compensated very well for their technical acumen, so no one is surprised by how many people are socially incompetent or even disabled, because if you’re good enough on the technical skills side you’ll find employment regardless of social savviness. I’m not saying it’s bad or wrong, but it’s clear that we’re not spending enough time working on the social side of things. You can be a great hacker and programming rockstar, but if you don’t know how to unite people and how to use their potential to make a difference, you won’t secure the organisation or product yourself. A one-man army will take you only so far.

Most people have no clue what emotional intelligence is, let alone heavily technical people who love productivity so much that they prefer to work alone to focus on deep work, and that isolation is both a correlation and a causation. People who want to be great at their thing, and prefer to do the work alone and isolated from the outside world, tend to lose their social skills edge.

The deal is that without leadership skills you can’t change corporate culture, especially when you’re joining an existing organisation which has had no exposure to security for years or even decades. Without you acting as a leader who knows how to instill security into employees’ value system, people won’t stay inspired to do their best in securing the code they ship.

For years I myself used to be highly technical and avoided social interactions at all costs, because I wanted to be the most productive person ever who does not waste a single minute on redundant interactions which take away from me the opportunity to do something “important” at that time. But in order to be effective and truly productive as a security champion, I had to learn the leadership business as well, and I’m telling you about it only because it was really worth it.

Sure, there are still days in which I’d prefer to stay in my condo, pentest all the things and fix as much code as possible, but learning how to make myself comfortable around people made me a better employee and to be transparent — it also made my personal life better. When you take extreme ownership and strive to be a great leader, you can achieve far greater results in your security initiatives, in your relationships or whatever you might be doing that involves working with other people.

Learn to feel your people, understand what truly turns them on, give them what they need and share with them your motive in order to make great things happen.

Be the leader you wished you had and remember to stay human, not a corporate cog who puts on a despicable mask each time he must approach coworkers to relieve his anxiety and transfer the bitterness onto others.