intelligent information security ANITIAN BUILDING TOMORROW’S SECURITY LEADERS

Building Tomorrow's Security Leaders

DESCRIPTION

The final frontier of information security remains the elusive challenge of securing the ultimate vulnerability: people. To fix this vulnerability we must build organizations that engage people and make them care about the protection of the business. Servant Leadership is a management strategy that can dramatically improve employee engagement and subsequently create a more secure work environment.

Page 1: Building Tomorrow's Security Leaders

BUILDING TOMORROW’S SECURITY LEADERS

Page 2: Building Tomorrow's Security Leaders

MEET THE SPEAKER – ANDREW PLATO

• President / CEO of Anitian
• 20 years of experience in IT & security
• Completed thousands of security assessments & projects
• Discovered SQL injection in 1995
• Helped develop first in-line IPS engine (BlackICE)
• Co-developed RiskNow™ - Rapid Risk Assessment approach
• Championed movement toward practical, pragmatic information security solutions

Page 3: Building Tomorrow's Security Leaders

• We enlighten, protect and empower great security leaders.
• We believe security will make the world a better place.
• Security intelligence services:
  • Compliance (PCI, HIPAA, NERC, etc.)
  • Risk assessment
  • Penetration testing
  • Incident response
  • Security integration
  • Managed threat intelligence

ANITIAN

Page 4: Building Tomorrow's Security Leaders

OVERVIEW

Intent
• Discuss the importance of leadership on organizational security
• Define the qualities of a great security leader

Outline
1. The Security Leadership Challenge
2. Foundation of Trust
3. Qualities of Great Leaders

Page 5: Building Tomorrow's Security Leaders

SECURITY LEADERSHIP CHALLENGE

Page 6: Building Tomorrow's Security Leaders

Logic clearly dictates that the needs of the many, outweigh the needs of the few…or the one.

- Spock, Star Trek II, The Wrath of Khan

Page 7: Building Tomorrow's Security Leaders

I just want to do the right things

Page 8: Building Tomorrow's Security Leaders

Please care about security…

…but don’t care about security

SCHIZOID SECURITY

Page 9: Building Tomorrow's Security Leaders

MOST DANGEROUS THREAT TO A BUSINESS

PEOPLE

Page 10: Building Tomorrow's Security Leaders

INDIGNATION IS NOT INSPIRING

Page 11: Building Tomorrow's Security Leaders

The Very Important Corporation possesses information that is sensitive and valuable, e.g., personally identifiable information, financial data, building plans, research, and other information considered sensitive. Some information is protected by federal and state laws or contractual obligations that prohibit its unauthorized use or disclosure. The exposure of sensitive information to unauthorized individuals could cause irreparable harm to the Very Big and Extremely Important Company or its board members, and could also subject the Company to fines or other government sanctions. Additionally, if Company information were tampered with or made unavailable, it could impair the Company’s ability to make wads of cash. The Oh So Massively Huge and Phenomenally Important Company therefore requires all employees to diligently protect information as appropriate for its sensitivity level.

COMPLIANCE ROCKS!

Page 12: Building Tomorrow's Security Leaders

The Golden Circle

Simon Sinek: www.startwithwhy.com

Page 13: Building Tomorrow's Security Leaders

Page 14: Building Tomorrow's Security Leaders

Page 15: Building Tomorrow's Security Leaders

SECURITY LEADERSHIP MUST EVOLVE

• Programs that empower
• Audits that fuel growth and improvement
• Controls that truly protect
• Policies with vision
• Shared values
• High-value, high-trust relationships

Page 16: Building Tomorrow's Security Leaders

PEOPLE NEED PURPOSE

• Engaged employees are more likely to:
  • Take responsibility
  • Be accountable
  • Focus on results over effort
  • Keep commitments
  • Do the right things
  • Protect and care about the business
  • Grow and mature
• We need people with a stake in the business

Page 17: Building Tomorrow's Security Leaders

A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves.

- Lao Tzu

Page 18: Building Tomorrow's Security Leaders

VIRTUOUS CYCLE OF ENGAGED EMPLOYEES

[Diagram labels: Great Leader; Engaged Employees; Informed Decision Making; Better Practices; Effective Controls; Authentic Care; Innovation, Growth, Prosperity]

Page 19: Building Tomorrow's Security Leaders

FOUNDATION OF TRUST

Page 20: Building Tomorrow's Security Leaders

HIGH-TRUST ENVIRONMENT

• Trust is the fuel, energy, currency, and foundation of security leadership

• Trust is the bedrock of security and leadership

• Trust can polarize

Page 21: Building Tomorrow's Security Leaders

1. COMMUNICATE CLEARLY

DO
• Always honest
• Use simple, direct language
• Say it like it is
• Start with why

DO NOT
• Lie, deceive
• Ignore issues
• Manipulate through deception

Page 22: Building Tomorrow's Security Leaders

2. BE TRANSPARENT

DO
• Share openly, be authentic
• Declare your intent
• Admit your mistakes, solicit feedback
• Be honest about why you cannot be open sometimes

DO NOT
• Hide, cover up information
• All talk, no action
• Hoard information

Page 23: Building Tomorrow's Security Leaders

3. CONFRONT HARD TRUTHS

DO
• Acknowledge weaknesses
• Solicit feedback
• Conduct rigorous tests and audits
• Share results openly
• Make everybody aware of the problems

DO NOT
• Hide weaknesses
• Cover up problems
• Conduct meaningless check-box type tests

Page 24: Building Tomorrow's Security Leaders

4. RIGHT WRONGS

DO
• Fix the problem
• Apologize quickly and make restitution
• Be humble, respect differences

DO NOT
• Blame others
• Avoid problems

Page 25: Building Tomorrow's Security Leaders

5. COMMIT

DO
• Only make commitments you can keep
• Make things happen, deliver real, tangible results
• Terminate people who cannot deliver results

DO NOT
• Make commitments you cannot keep
• Deliver activity or busywork
• Keep underperforming employees, they are toxic

Page 26: Building Tomorrow's Security Leaders

6. BE AGILE

DO
• Constantly grow, improve, and mature
• Push people outside of their comfort zones
• Make change the normal
• Cross-train
• Be conspicuously appreciative of feedback

DO NOT
• Retain broken procedures and practices
• Inflexible
• Focus on comfort
• Criticize improvement

Page 27: Building Tomorrow's Security Leaders

7. CLARIFY EXPECTATIONS & VISION

DO
• Establish clear expectations
• Have a clear vision for success
• Revalidate expectations & vision regularly
• Re-clarify, re-re-clarify, re-re-re-clarify if necessary

DO NOT
• Assume people know what the right thing is
• No planning, vision, or direction
• Be indecisive

Page 28: Building Tomorrow's Security Leaders

8. LISTEN

DO
• Spend more than 50% of any conversation listening
• Intentionally slow down
• Analyze, ponder, and reflect
• Validate what has been said
• Ask why

DO NOT
• Dominate the conversation
• Cut people off
• Tell how

Page 29: Building Tomorrow's Security Leaders

9. TRUST BUT VERIFY

DO
• Trust freely those who have earned it
• Trust conditionally those who are earning it
• Verify trusting behavior
• Require trust from others

DO NOT
• Trust those who behave untrustworthily
• Trust based on what people say

Page 30: Building Tomorrow's Security Leaders

10. BE LOYAL

DO
• Openly give credit to others
• Speak as if they are present
• Stand behind your people

DO NOT
• Take credit
• Badmouth
• Throw them under the bus

Page 31: Building Tomorrow's Security Leaders

QUALITIES OF GREAT SECURITY LEADERS

Page 32: Building Tomorrow's Security Leaders

TRUSTWORTHY

ABRAHAM LINCOLN

Page 33: Building Tomorrow's Security Leaders

ANALYTICAL

NIKOLA TESLA

Page 34: Building Tomorrow's Security Leaders

VISIONARY

STEVE JOBS

Page 35: Building Tomorrow's Security Leaders

INSPIRATIONAL

VINCE LOMBARDI

Page 36: Building Tomorrow's Security Leaders

INCLUSIVE

DR. MARTIN LUTHER KING JR.

Page 37: Building Tomorrow's Security Leaders

HUMBLE

MAHATMA GANDHI

Page 38: Building Tomorrow's Security Leaders

FEARLESS

AUNG SAN SUU KYI

Page 39: Building Tomorrow's Security Leaders

I do the right things...

…always

Page 40: Building Tomorrow's Security Leaders

Final Thoughts
• This is not weak leadership
• Not everybody can handle it
• Long term effort
• Benefits are lasting and profound
• Must put your attitude and ego in check

It's a far, far better thing I do than I have ever done before. A far better resting place that I go to than I have ever known.

Page 41: Building Tomorrow's Security Leaders

EMAIL: [email protected]
LINKEDIN: www.linkedin.com/in/andrewplato/
TWITTER: @andrewplato, @AnitianSecurity
WEB: www.anitian.com
BLOG: blog.anitian.com
SLIDES: bit.ly/anitian
CALL: 888-ANITIAN

THANK YOU