Cross-fertilisation between the techie and the businessperson has never been more necessary than today. An (ISC)2 whitepaper helps set out the debate.
IT security professionals have heard the lecture for years: you have to be more than a techie; you must focus on the business. What this means in practice became the subject of four workshops, hosted by (ISC)2 and the Information Security Forum (ISF) in 2008.
“If you get tarred with the ‘superb expert' brush, you are not supported in developing other, often more valuable, skills that could advance your career,” explains ISF senior research consultant Adrian Davis, who co-led discussions and is co-authoring a whitepaper on the subject with (ISC)2. “It can seem like you have to be a superhero – assess risk, understand the business and the user, be an ambassador for the cause, and protect the organisation.
“Many people in this field have been caught out as they move up the corporate ladder, promoted for their skills as a perhaps brilliant technical architect but not prepared for the requirements of an executive. It's the softer skills, negotiating, communications, people skills, that dictate success and can be difficult to develop at a late stage.”
Recruitment for information security, suggests the research, will remain a challenge for some time. “IS is not positioned as an exciting, advanced subject by many universities, while the value is poorly communicated by those who are in it. Recruitment should tackle this, focusing on the potential for influence in a company that understands how to develop well-rounded people.”
Workshop ideas to enhance softer skills included: rotating team leadership responsibility; secondments to business departments; and making it easy for the brightest to move out of the IS department.
“Field experience can be the most powerful motivator. Even if they don't come back, you have an ambassador elsewhere in the business,” says John Colley, managing director, EMEA, for (ISC)2, co-author of the whitepaper.
Being visible is crucial. Davis describes confident IS individuals who show up to project planning meetings uninvited. When asked why they were there, the most effective answer was: ‘I'm here to help.' “Unfortunately, the reputation of IT people being the naysayers persists. The opportunity to develop yourself and your people as being helpful is good for the department and careers,” says Davis.
The paper, Anticipating Your Advantage, is to be published in July.