Ray Stanton admires the diversity of experience in the typical information security team and examines the challenges of helping four generations to work productively together.

There is a workplace phenomenon that is having a profound effect on security management. Ray Stanton, executive global head of business continuity, security and governance at BT, calls it the ‘power of four': the working population has four disparate generations, each with its own characteristics. This and the rapid deployment of Web 2.0 technology are creating a challenging dynamic for the security team – who need to sharpen their people skills.

“People are working longer. We have veterans, baby boomers, Generations X and Y, all working together – and we are facing Millennials or Generation Z in six years' time,” said Stanton in his keynote speech at (ISC)2's recent SecureLondon event, hosted by BT. “Their learning, working and communication styles all differ. The older generation responds best to a written request, baby boomers prefer face-to-face, Xs want structure and direction, while goal-orientated Ys consider direction to be suggestion – and may or may not follow it. Now apply this to your security policy on usage…”

There are two challenges for professional development. The first is the differing attitudes within the security team itself: older managers are working with young graduates who are digital natives living online lifestyles dependent on the tools their managers seek to ban. The second, more far-reaching challenge is to ensure that this team is equipped to have the influence it requires over the entire organisation.

“Banning tools such as Facebook can represent a lost opportunity: these tools can be used securely, and are considered invaluable for collaboration in the workplace and social communities. You are more likely to get well-motivated out-of-hours effort if you let your Generation Y manage their social plans using the tools of their generation,” says Stanton.

He advocates a ‘Moodle' approach. Moodle is an open-source, interactive e-learning software platform allowing Web 2.0 to boost the organisation's agility. Stanton also suggests that a course in psychology is invaluable for the security team. The starting point is communication – listening, soliciting feedback – to ensure the team develops the broad perspective needed.

“You are going to have an 18-year-old and a 65-year-old using the same solutions. The security manager needs to understand how each age group uses them. And this will only intensify, given that it's not uncommon to see late 60s and 70s in the workplace today,” says Stanton.