Tellers of tales and debunkers of myths

An organization needs both.  You need someone who can “weave a yarn”, “tell a tale”, “paint a picture with words”, etc.  But you also need someone who “lets” facts get in the way of those myths.

Marketing and sales folks need to be tellers of tales.  And this does not mean they need to be liars.  Just that they often need to look at the glass as half full (and ready to be overflowing at any moment).

But your finance people and your information security people need to be debunkers of myths.  If you find your information security person using the phrase “benefit of the doubt” too often, you should worry.

And when someone moves from being one to the other, bad things can happen.  Consider Société Générale trader Jérôme Kerviel.  He had worked in a department responsible for internal controls, so he was intimately familiar with how to debunk every overly rosy view of the risks that the traders took.  When he became a trader and started to experience losses, he began to tell himself a tale about how the next trade would get him out of it.  And since he knew the controls, he knew how to get around them.  5 billion euros of losses later, he was caught.

And it works the other way, too.  Ask a salesperson for the story of when they brought a subject matter expert from their company to a sales meeting and the expert started expounding on the weaknesses of the product rather than its strengths.  They almost all have a story like that.
