IT Managers Have To Learn To Talk About Security Simply

Security is tricky stuff, you need to be clear when you talk about it
Image Credit: David Goehring

IT managers have discovered that security in all of its different forms, application, network, etc., has become a part of every project that we work on. This security stuff is complex and it seems to be constantly changing. What this means is that on top of securing our company and its IT assets, we have another job that requires our IT manager skills: keeping everyone else informed about what’s going on in the world of IT security.

Clarity Is King

One of the big problems that IT managers run into is that we can’t solve security problems by ourselves no matter how much IT manager training we’ve had. No matter if there is an outside threat to the company that we are responding to or if we’re creating a new web application that is going to have to be hardened to protect the customer data that it will be holding, we’re going to need to interact with the company’s senior management.

Where we run into problems is that the language that we use with our peers to talk about security related issues is quite complex. It’s filled with IT security jargon and lots of acronyms. There is no way that non-technical people are going to be able to understand what we are talking about. What this means is that it is our responsibility to change how we talk about this stuff. We need to start to clearly communicate what is going on and what we are doing about it.

If we’re able to get our senior management to understand what is going on, then they’ll be able to wrap their heads around the issue and make informed decisions. As important as a security issue may be to us, we always need to keep in mind that at any point in time there are other things going on in the company. This means that our management is going to have to prioritize this issue against everything else…

Know Your Threats

In order to effectively interact with the rest of the company, as an IT manager you are going to have to be able to clearly communicate what the different types of threats look like. If the rest of the company doesn’t know what they are up against, then they’ll never know what the proper reaction should be.

Where things start to get interesting is when you spend some time trying to educate the rest of the company about what their primary security threat looks like. Although most people may picture a Russian hacker dressed head-to-toe in black as being the company’s biggest threat, that simply is not the case. You’re going to have to be able to let your management know that their biggest threat is the insider who isn’t trying to do anything wrong and somehow ends up exposing sensitive data.

The reason that you need to take the time to clearly communicate what is going on in regards to security to your management is that you need their buy-in. There are specific things that you are going to want them to authorize you to do, and they’re not going to be able to give you the permissions that you need if they don’t understand what is going on. We need to keep in mind the fact that if our management is faced with a situation that they don’t understand, their instinctive reaction will be to simply say “no, don’t do anything”.

What All Of This Means For You

As IT managers we have the responsibility to make sure that each project that we work on is properly secured. In order to make sure that this happens, we are going to have to become well versed in communicating with the rest of the company about security issues.

Typically, within IT circles, we use a great deal of confusing tech jargon and acronyms when we are talking about security measures and threats. We need to stop doing this. Instead, we need to describe what kind of threats we are facing and what we’re doing about them in clear, easy-to-understand terms. Taking the time to do some IT team building and educate the rest of the company about what we’re up against will allow them to prioritize what our response to them needs to be.

On top of all of the technical things that we are asked to do as IT managers, we have an additional job when it comes to security: communication. This stuff can be so complex that we are the ones who are required to make sense of it and let everyone else know what needs to be done. Take the time to educate your management and your company will be able to keep itself safe.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™

Question For You: What words should you not use when talking to people about security issues?


What We’ll Be Talking About Next Time

As an IT manager, you’d really like to use your IT manager skills to have the best possible team working for you. Where things can get a bit tricky is when we try to define just exactly what we mean by “the best possible team”. If you take a look at a modern IT job posting, there is a very good chance that you are going to run across the phrase “must have good critical thinking skills”. That sounds great, but what are we really looking for when we say that?