Recently, during an early morning walk, I noticed a guy in a truck intently watching me as I stepped over some rocks. Before I could figure out his intentions, he sprang from his truck and said something to me. Focused on where I was walking and not expecting a conversation, I missed what he said.
I responded with an awkward, “What?”
His eyes locked on mine and his face broke into a smile as he pointed to my Yankees hat and commented, “Good game last night, right?” I then noticed the Yankees license plate on the front of his truck, smiled back and said, “Good pitching saved the day.”
We smiled, exchanged “Go Yanks!” and bid each other a good day.
I pondered the conversation the rest of the walk home. When I got back, I noticed my neighbor’s car had a Yankees logo on the rear window and I smiled. Later that evening, while driving around town, I took note of every person or car that had a Yankees logo.
In life, it is natural to find affinities. It creates a level of comfort and common ground with others. These same natural affinities many of us enjoy offer a powerful insight into how we can improve the way we practice security.
To build a security team that creates a natural affinity with people who might join or support it, start by considering three basic levels of interest people have in IT security:
- Uninterested: Those who either know enough to protect their own information and resources, or for whatever reason are not interested in seeking help.
- Interested: People who want help and guidance in securing information and resources.
- Uncertain: Some people are on the fence. They seek more information before deciding if they can help themselves or need help from someone else.
Recognizing the different roles and needs of people is important because it helps define the team, including how the team is perceived and what the team is known for.
In my experience, it is important to build a team focused on helping others; instead of saying, “no,” seek ways to say “yes.” Invest the time and effort to explain security concepts in a way that’s easily understood.
By forming a team that focuses on the needs of others — both those who are directly interested in security and those who are not — it is possible to create an affinity with everyone to come share their knowledge, ask questions and get the validation, support and results they seek.
The Affinity Approach
To be fair, while many love the Yankees, not everyone is a fan. Sports can be polarizing, but other affinities can serve as good models to consider. Cars or photography, for example, are other affinities that draw people together. Regardless of what bonds your team, the most important thing is that each member engages, contributes and supports the group’s overall efforts.
We need to not only create the team, but also create a reason for people to join the team. Instead of focusing energy on those who don’t need (or don’t think they need) the counsel of a security professional, focus instead on those who do or those who seek more information.
In the process, people who may not be security professionals by title, but who have the experience and interest to contribute, are welcome too. By setting a goal of broad inclusion and helping people make better decisions, any organization can improve the entire practice of security.