6 Things Security Architects Can Learn from the Presidential Election
March 1, 2016 | DevOps | joanna mastrocola
In honor of Super Tuesday, we thought it would be a good idea to to take a look at the election process thus far and see what today’s presidential candidates can teach us about communicating with a team. Whether you’re a conservative, liberal, or somewhere in between there are some clear takeways you can garner from these campaigns, as this election is a perfect example of both effective, and ineffective, communication. For security architects, a main struggle is getting development on board with your security plan. Since communication is crucial to achieve this enterprise-wide focus on security, why not take some tips from some of the best, and worst, orators in the business.
In order to gain support, politicians need to listen to the people in order to truly understand the plight of the constituent. They also need to actively listen in debates so that they can adequately speak to the points made by their fellow candidates. As a security architect, you have to listen to the development team in order to understand why they don’t want to think about security, or what they are worried about happening if a new security plan is introduced.
Learn what tools they like to use, and make sure whatever plan you create integrates well with the things they use everyday. If your plan is crafted around the issues developers voice, it will be a lot easier to get them on board.
2) Have a Plan
Every politician has a plan for how they intend to make things better. If this strategy isn’t well thought out and doesn’t address the concerns of constituents, they will lose voter credibility and confidence. When you introduce a new plan to the organization make sure it is well thought out and easy to understand, that way you will be able to effectively establish your point and clearly answer questions.
Think ahead and make sure your plan addresses the main apprehensions of developers. Be sure to create a program that outlines how important security is to the entire enterprise, the vast impact is has on business, and how it is imperative that security be weaved into the development process.
3) Don’t over-promise
Just as politicians shouldn’t bait voters, you shouldn’t mislead the development team. It can be tempting to say the new processes you are introducing will be easy to implement and understand, these types of hopeful misrepresentations are especially appealing when you are trying to get developers to agree to the new security plan you are proposing. However, over promising won’t build good faith.
Be honest about the new process and make it clear that you and your team will be there, every step of the way, to ensure implementation goes as smoothly as possible and to answer all questions.
4) Give an accurate timeline
Politicians always present key issues as their chief concern and the first thing they will address when they are elected. However, this is rarely the case, causing a great deal of frustration and lack of trust. Be honest with the development team about how long the new plan will take to implement and how much additional time it will tack on to their day to day innovation. Make it clear that security is vital to the health of the enterprise and that their participation and enthusiasm is key to the organizations success.
5) No Yelling!
Although it’s easy to make snap judgments and yell when you feel your point is not being heard, keep in mind that security is a company wide issue, and every team has their own set of objectives. Although you realize security is important, not everyone will agree with you. The only truly effective way to get others to understand your point is to speak clearly and concisely. Answer questions, speak truthfully, and encourage an open dialogue amongst participants. Take their concerns and address them honestly. Shouting does not make for productive conversations, it causes listeners to put up barriers, and it creates counterproductive animosity that will only make your job as a security professional harder.
6) Don’t Let Your Ego Get in the Way
(Pretty self-explanatory, we all know politicians have some big egos) Yes, you put a lot of thought into the security plan you created, however, there are always better ways to do things. Understand that plans are iterative, and although the security plan you created was well thought out, there are always holes that need to be filled or things that simply don’t work in practice. Continually collect data and re-evaluate your proposal, noticing what is working and what isn’t, taking feedback from your team, and making the processes better.
Getting the enterprise to put security first can be tricky. However, with a clear plan and effective communication, it is possible.