Say yes to innovation

A few years back, I was the party pooper when it came to anything wireless. I had lots of examples, plenty of security articles, and even a few three-letter agencies in Washington D.C. to back me up. I would easily win the technical debates at key meetings. Over time, people started going around our security office. My intelligence network reported that we weren't being invited to key meetings.

The hard part was learning how I was being viewed by the business. After a few tough lunch discussions, it became clear that security was seen as "stifling innovation." Initially, I was defensive. What about all the times we saved the enterprise from viruses, worms and hackers? Whether it was true or not, I knew perception was reality. We needed a different approach.

Looking back, I realize that I not only won the battle, but lost the war. I was actually fighting for the wrong side. Mobile computing is everywhere and growing. I had backed the wrong horse. Now, I'm for secure wireless. The debate on mobile computing may be over, but there are always plenty of new projects that cross our desks.

So how can we say yes and still maintain our integrity (not to mention sensitive information and legal compliance) at the same time? The first step is the most humbling — recognize the problem and the need for a new approach. Believe me, there are plenty of business-side colleagues willing to provide personal advice on this topic. Do lunch.

Second, ask how others in the Fortune 500 or similarly sized companies are implementing (whatever it is) securely. Find examples of success and copy solutions that work.

Third, get involved much earlier in technical discussions and processes. Build security into all phases of project lifecycles, but focus on enabling, not disabling.

I'm still learning to say yes. I'm constantly reminding myself that we can't help if we're not at the table. The implications are vast, and the resistance from security staff often gets complicated. Still, it's worth the effort to resist saying no. Business executives are watching.

Dan Lohrmann

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.

Dan’s award-winning blog: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/
CSO Magazine articles: http://www.csoonline.com/author/dan-lohrmann
