I laugh at times when someone tells me an email I sent, or something I said in a meeting or teleconference, was “too blunt”, and I should have maybe said it in a different way. When someone says, “Maybe that was not the politically correct way….”, that offends me and I cringe. With our clients, there’s obviously a slightly different approach you take to getting the message across than you would when working with colleagues internally in your own business, i.e., you work within the boundaries they [the client] have to work in, and you communicate the message within those boundaries but still aimed at getting the desired result – understanding and reaction to issues that may impact their business negatively.
Security people always seem to be in that quandary as to how best to communicate what they know about the security issues their organisation faces – Who will I upset? Should I be blunt with it? Should I sugar coat it? Should I downplay it? Should I just not say anything?
So what’s right?
I could sit here and say that my approach to being “blunt” with it is the way to go, and if you’re not, then what the hell are you doing working in that role you have?! BUT, everyone is different and what works for me may not work for other people. I will say though that I haven’t met anyone in our industry who has made great achievements for the companies in their role who wasn’t of the same approach. I can say from experience that “weak” approaches (just my view) have never done anything more than keep businesses insecure and made for very unhappy security people (who eventually move on to other companies with the deluded thought that life will be better there). You have to ask the question then: if you’re going to move anyway, why not be blunt and open on what is wrong and at least know after you have moved, you gave it all you had!?
Working within an IT department where you are in the minority and seen as the “bad guy” by some doesn’t help you, does it? Why live under that perception and let it cripple what you can do if your time there is limited anyway (hey, 2 years there you said)? Be loud enough, stick to your principles and when you move on, be proud you did all you could. And, you know what…..sometimes, you’ll get the ear of someone who really cares and you’ll get that credit and respect you deserve and your role will grow (and you don’t move on in 2 years)!
You won’t get it sitting back and trying to be “politically correct” and “nice” to everyone. You don’t have to be an arsehole – just confident in yourself and firm in your position about things and don’t worry about suckdowns and other people who feel threatened by what you have to say!
Read some of the related posts:
The CIO Sticking Point
Dumb Bosses
Dumb Security Category
My first two Beast or Buddha posts in 2006 (says a lot!)
Flame on…….

Yeah, it’s a funny one. I always like to see the looks on people’s faces when you are the first one to say out loud what everyone has been thinking.
I’m afraid I have to admit – I was unfortunate to have been born with a recessive, competitive argumentative gene, embedded somewhere deep in my DNA. Good mates are well aware of this flaw & try to bait me – with good results.
In the office, my DNA is unable to differentiate its surroundings. It doesn’t discriminate. If a CEO, CIO, cleaner or anyone walks in & tells me something I don’t like, my DNA kicks in, sending a “man all stations” message to the brain, followed very shortly thereafter by my big mouth.
Sometimes this can be good, or, most often, not so good.
Hopefully with advancements in bio-technology, there will be some kind of gene therapy pill I can take for this obviously mutant DNA flaw.
In the meantime, my DNA will continue to win the battle. And I’ll continue to vent my spleen here on b or b or more recently, my blog, http://www.jerrysplains.blogspot.com/