Im Not Happy Till You're Not Happy

Building better Information Security relationships

Published in: Technology, Sports

  • What brought you here? Role? Interest? The title? Let me tell you about the title… Luke Drury. I thought it was hilarious… till I thought it was sad. http://www.flickr.com/photos/jordandelion/4370518981/
  • We’re spending a lot of time saying no to our customers, aren’t we? This is a problem. http://www.flickr.com/photos/markdodds/5125418883/
  • The reputation is a bad one to have. The No attitude, or at least an undeserved reputation is a huge problem. It gets in the way of our effectiveness. http://www.flickr.com/photos/amylovesyah/4444095375/
  • But I’m not here to feed you a bunch of fluff. We’re talking about requirements, today. http://www.flickr.com/photos/andrewmalone/5163291500/
  • As an Information security professional, truth is that you are an excellent defender of NASA… if you can pull off a magical balancing act. http://www.flickr.com/photos/dunechaser/142079765/
  • If you say No as a reflex http://www.flickr.com/photos/markdodds/5125418883/
  • Now, it might go a bit too far http://greatfirewallofchina.org/index.php?siteurl=http%3A%2F%2Fnews.yahoo.com%2F
  • It could have an impact on the mission http://www.flickr.com/photos/repoort/2645497916/
  • Think about what exactly you are saying no to. Are you responding directly to a specific request? “I want administrator rights on this machine!” Do you ask them why, or kneejerk “NO!” What are some other ridiculous requests that you get? http://www.flickr.com/photos/xurble/376588066/
  • Let’s talk about the people you work with http://www.flickr.com/photos/kaptainkobold/5181464194/
  • What are they trying to do? Do you even know? Have you asked? Do they build satellites? Do they run a training and education center? Do they make sure the bills get paid? L’Enfant’s Plan for DC
  • They are a component of the system that is NASA GSFC. What they need from you is assurance that they can do their jobs safely. http://www.flickr.com/photos/contemna/5272576625 Heather Diehl
  • So your people work on marvelous things, complex things. Dealing with complex people, processes and requirements of their own, in order to contribute to even greater, more complex things. http://www.flickr.com/photos/contemna/5725291684/ Heather Diehl
  • See the person, and what problem they are trying to solve. How does IT Sec enable them? http://www.flickr.com/photos/contemna/5273189110 Heather Diehl
  • You are part of this. Think back to the basics…. What are the 3 components of Information Security? Confidentiality, Accessibility, Integrity. http://www.flickr.com/photos/joelogon/346368521/
  • So, if they present you with a request don’t forget to look beyond confidentiality… have you asked what they are trying to accomplish? What problem they are trying to solve? Or are you comfortable not understanding? You should be aware that not understanding their role in the greater context actually introduces risk of its own. http://www.flickr.com/photos/askpang/5402492304/
  • Because you can offer alternatives. Ones that meet security requirements, and integrate with the constraints of our environment… But you can only do that if you start to look beyond “No” into the land of “Perhaps”. http://www.flickr.com/photos/contemna/5272578725 Heather Diehl
  • With knowledgeable questions, you can break down defensive postures… Find out what their needs actually are. Maybe the prickliness perceived by each side isn’t actually true. Who is the defensive hedgehog? http://www.flickr.com/photos/swamibu/1937158223/
  • Be careful about that reflex http://www.flickr.com/photos/markdodds/5125418883/
  • Do you want the relationships to be better? Assume noble intent on their part. Go in with noble intent yourself. Don’t sabotage the relationship from the start. Start asking “What are you wanting to do?” http://www.flickr.com/photos/screenpunk/2421689164/
  • You may find that sometimes what looks like anger [and hostility], is actually pasta. http://www.flickr.com/photos/mrwalker/428510520/
  • Old habits die hard. On both sides. If you’ve made yourself an obstacle to completing their work, your customers have gone, and will actively continue to go around you, ultimately creating more risk. http://www.flickr.com/photos/davidmoisan/3153441857/
  • Remember that badgering gets you nowhere. Don’t get caught up in personal battles. Just because you are being more mission-focused, doesn’t mean that the atmosphere around you will change overnight. Badgers: Original flash animation: http://www.weebls-stuff.com/wab/badgers/ Know Your Meme: http://knowyourmeme.com/memes/badger-badger-badger
  • Because they just want to do their work. http://www.flickr.com/photos/gsfc/4954529973/
  • So, how do you see the people and their requirements in the organization? http://www.flickr.com/photos/mac_filko/5491559690/
  • While most have the same basic requirements, their individual roles sometimes come with a not-so-common set of additional IT requirements. They must use a legacy program that wants to write its data to the Program Files folder… that you could redirect outside of the folder… Sound familiar? http://www.flickr.com/photos/aaron_anderer/4093181371/ http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2FD253711
  • Anyone have a similar story to share that has information that could be reused? Successful strategies? http://www.flickr.com/photos/westfieldma/31590231/
  • The more personally invested you become, the easier it is to do these things: Asking “How can I help?” “What are you trying to do?” Have you made yourself part of their mission? Do you know it? Are you excited by it? Are you *curious* about it? Are you proud to be part of it? If you aren’t, why not? http://www.flickr.com/photos/dunechaser/250617151/
  • The way you are treated will likely change, too. You get to demonstrate your knowledge, your competence, your analytical ability. You are a valuable professional. http://www.flickr.com/photos/donsolo/1344386562/
  • Because your security role significantly helps them to be more effective. This is NASA. The response of NO has a different meaning here. We do impossible things. http://www.flickr.com/photos/28476480@N04/4548378501/
  • The fact that you care about their work and their success. You become a trusted part of the team. Yes, it is “My Little Pony: Friendship is magic”. I’m going to love and tolerate the $&*! out of you. Deal.
  • Transcript

    • 1. I’m not happy ‘till you’re not happy
      http://www.flickr.com/photos/jordandelion/4370518981/
    • 2. http://www.flickr.com/photos/markdodds/5125418883/
    • 3. I’m not happy ‘till you’re not happy
      Building better Information Security relationships
      Heather Diehl, PMP | Enterprise Architecture | ITCD, 702
      Information Assurance @Goddard
      June 27, 2011
      http://www.flickr.com/photos/amylovesyah/4444095375/
    • 4. http://www.flickr.com/photos/andrewmalone/5163291500/
    • 5. http://www.flickr.com/photos/dunechaser/142079765/
    • 6. http://www.flickr.com/photos/markdodds/5125418883/
    • 7.
    • 8. http://www.flickr.com/photos/repoort/2645497916/
    • 9. http://www.flickr.com/photos/xurble/376588066/
    • 10. http://www.flickr.com/photos/kaptainkobold/5181464194/
    • 11.
    • 12. My photo. Thanks!
    • 13. My photo. Thanks!
    • 14. My photo. Thanks!
    • 15. http://www.flickr.com/photos/joelogon/346368521/
    • 16. http://www.flickr.com/photos/askpang/5402492304/
    • 17. My photo. Thanks!
    • 18. http://www.flickr.com/photos/swamibu/1937158223/
    • 19. http://www.flickr.com/photos/markdodds/5125418883/
    • 20. http://www.flickr.com/photos/screenpunk/2421689164/
    • 21. http://www.flickr.com/photos/mrwalker/428510520/
    • 22. http://www.flickr.com/photos/davidmoisan/3153441857/
    • 23. http://www.weebls-stuff.com/wab/badgers/
    • 24. http://www.flickr.com/photos/gsfc/4954529973/
    • 25. http://www.flickr.com/photos/mac_filko/5491559690/
    • 26.
    • 27. http://www.flickr.com/photos/westfieldma/31590231/
    • 28. http://www.flickr.com/photos/dunechaser/250617151/
    • 29. http://www.flickr.com/photos/donsolo/1344386562/
    • 30. http://www.flickr.com/photos/28476480@N04/4548378501/
    • 31.
    • 32. Upcoming IA@G Events
      Certified or Certifiable
      State of the Hack
      And… ZOMBIEFEST 2011
      Sign up for the IA@G mailing list
    • 33. LATE OCTOBER