Situational Awareness Advice for Security Managers

By Stephen Northcutt
Whether you are a newly appointed leader with security responsibilities or an established leader, today is a great day to assess yourself. Make a new day's resolution to be more effective, to increase your personal alignment with the needs of your business and your group's effectiveness in serving your business. Great leaders are aware of their surroundings, and they ensure that their team and co-workers are also aware. This is accomplished by prioritizing focused attention; it is also the result of minimizing distractions. They share their expectations and bring their teams into alignment. Great leaders know their weaknesses, and both work on them and create countermeasures to prevent their weaknesses from detracting from their effectiveness. They take budget and financials seriously as they know this is what makes business succeed. They make every effort to be one percent better as a manager.

Here are some suggestions by other managers with computer security responsibilities, from all us at the leadership lab, we hope they help:

  • You might also consult Chapter Five, Negotiating Success, in The First Ninety Days, by Michael Watkins. The rest of the book is fairly "arm-wavey" (too general). Chapter Five lists the important conversations that you need to have both with your boss in your new capacity as a manager and your new reports. These include how you like to be communicated with, what resources are available, and what should be considered the highest priorities. There are others. Perhaps Amazon will let you look at the chapter alone. Otherwise it's worth $20 in my opinion. I made all my newly hired people get a copy when I was headhunting. - Jodi L. Colburn
  • There are, of course, a thousand and one books on management. A quick Amazon search will find many that are 5 star rated. We all will have our favourites and you will have a nice list of reading material so far :) I will offer a couple of books that I found useful and then a small piece of advice. Try and get these books on tape / CD first so that you can listen to them on the way to/from work. This will get you the essence fastest and make use of that travel time. You can always get the book afterwards if you want the complete story. They are all on Amazon. I am also looking at books that can have the fastest impact for you so some are very short, one is less than 100 pages and you can read it in an hour or two. 7 Habits of Highly Effective People - Steven Covey (get it on CD); Ultimate Rewards - What Really Motivates People - Steven Kerr; The One Minute Manager - Kenneth Blanchard, et al.; The Greatest Salesman on Earth - Og Mandino (yes, you are in sales). That's enough books. Now a small piece of advice. There is no shortage of great books on becoming a great leader, manager, rich, or smart, or whatever. So why are there so few rich, smart people who are great managers and leaders? Because most people read but do not implement. You need to DO, not just read and forget. This is why I like these books listed. They are easy to digest and absorb and then easy to apply, day to day, everyday. Stay humble, be cool, give more than you take, and above all remember this from Admiral Grace Hooper; "You don't manage people; you manage things. You lead people." - Jos Pols

  • I'd recommend Google-ing "DiSC personality profile", read through some of the sites to get the general idea, and then look up an appropriate book on the subject. DiSC personality profiling isn't a bad short-hand method for quickly identifying a person's general strengths and weaknesses, but take it with a grain of salt...personalities are carved in flesh, not stone. I mention this because your work is now at least 80% about people...the technical gadgets and gizmos now move to the back burner...and your success will be measured on this as much as (or more than) on what your team does. But at least the pay should be better. - Joe Bieber

If you are newly promoted:

  • You have to have a basic attitude shift from accomplishing things yourself to accomplishing goals through the actions of others, even if they don't do it as well, as soon, or as thoroughly, and at the end you will be accountable for the results. Every assignment will have two partially conflicting goals: accomplish the task and develop the staff. To do this you'll have to let people make mistakes, celebrate wins (even if you already knew the answer) and build confidence. Hardest of all: you may have to make decisions that hurt people. There's only so much money to go around, not all will get a raise. Recession is coming up, is someone under performing? Or even small ones like limited budget and an axing a pet project. These are tough decisions not to be taken lightly since they involve folks lives. - Jeff Bryner
  • Separating yourself from your previous role can really be the most difficult bit (well, unless you have crap staff, in which case the battles of personalities could be!). I found it difficult for quite some time in a small company to be treated equally to other managers who came in at that level. On top of that, not just being a one man action show with a bunch of glorified PAs can be hard if you don't change your mindset. And lonely too sometimes depending on the situation. Learning to delegate and keep on top of progress is key. Depending on who you work for, some companies (particularly larger corporates) can be big into their personal development and actually identifying your own weaknesses and taking appropriate courses (internal or external) can win real brownie points for your next year's performance appraisal. How's your budgeting side of things? Strategy and analyzing? Team building and influencing skills? Do you know the business that your company conducts inside out - can you talk to your C level execs at a level they respond to ... knowing what it is they're trying to achieve in the company? These are the things that 15 years of tech experience often doesn't even scratch the surface on. Plenty of books and course on the first few items - perhaps working with a more senior mentor could help with the latter if appropriate. - Alan Davies
  • I was promoted from within the trenches as well. Another thing to look out for that I initially had issue with is detaching myself from doing the work. Sometimes I saw that if I did it myself (a specific task) I could get it done quicker because I was pretty much the subject matter expert, but I needed to delegate the tasks and help the individuals doing it (that's where the experience comes in along with leadership and guidance). This way we created a team of everyone knowing what needed to be done. So do not get trapped into doing things and trust your guys and delegate the work to them. - Josue Rivas
  • One thing I found is that you also need to be very careful because you are being promote from within the ranks. Your relationships to those you used to work with in the trenches will definitely change as you are now their supervisor. Others may have been also vying for the position and receiving work directives from you may be difficult to accept. I believe the best way to fight this is to pull everyone together and repeatedly and clearly assert that you are there to fight the battles in the best interest of your unit and each individual with upper management and not now simply their “boss”. Clear their way, free up resources, enable them and provide strategic leadership and guidance. - Alan Wong

"In times of change, learners inherit the Earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists." Eric Hoffer.

NOTE: these suggestions are adapted from SANS SANS Security Leadership Essentials For Managers a course designed to prepare security managers for the GIAC GSLC certification.