Security Technology Executive

FEB-MAR 2014

Issue link: https://securitytechnologyexecutive.epubxp.com/i/282968

COOL AS McCUMBER

The Buffalo Bridle

By John McCumber

This week finds me back in the security consulting world, and I couldn't be happier. After over a decade working in the security vendor space, I am back to pure-play, customer-facing consulting. I do recognize that almost all security professionals are consultants within their own sphere of influence. I'm back to doing that job as an outsider.

Even if you have a corporate security gig, and you're successful, you're likely playing the role of a consultant by gathering data and providing sage advice. I don't know any security professionals who have the job of accepting, mitigating, or transferring risk on behalf of the organization they support. Those risk decisions are the purview of corporate executives, organizational leaders, and others responsible for the profit and loss of the enterprise. A savvy security professional realizes they provide a valuable service of creating and managing the programs that inform those critical decisions. They inform them, they don't make them.

During the first week in my new role, I was brought into a situation where a fellow consultant had started a row with the customer by telling them, "This is how this [security function] is done – period!" The customer understandably bristled at this pedantic and arrogant proclamation. Now it's become my responsibility to try to resolve the impasse.

I pulled the security specialist aside and asked if he had fully read their organizational security policies before making his statement. He had not. I asked if he understood their risk decision-making process. He did not. I asked if he knew their corporate tolerance for risk. He was unaware. I told him we had a lot of work to accomplish.

I was able to convey a principle I learned from the humorous Gerald Weinberg book, The Secrets of Consulting. In the book, Mr. Weinberg states there is a Buffalo Bridle Principle for consultants. He says you can put a bridle on a buffalo, and lead it anywhere it wants to go. However, if the buffalo decides it doesn't want to go where you are leading it, you and the bridle make no difference.

The organizations we support are like the buffalo. We can lead and provide our advice, but ultimately, they will decide what risks they'll accept, those they will mitigate, and those they will transfer. It's up to us to advise them by performing comprehensive due diligence using sound empirical evidence. But the buffalo will ultimately decide where it wants to go.

John McCumber is a security and risk professional, and author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, e-mail Cool_as_McCumber@cygnusb2b.com.
