Your SlideShare is downloading. ×
  • Like
Im Not Happy Till You're Not Happy
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Im Not Happy Till You're Not Happy


Building better Information Security relationships …

Building better Information Security relationships

Published in Technology , Sports
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • What brought you here?Role?Interest?The title?Let me tell you about the title… Luke DruryI thought it was hilarious… till I thought it was sad.
  • We’re spending a lot of time saying no to our customers, aren’t we?This is a problem
  • The reputation is a bad one to have.The No attitude, or at least an undeserved reputation is a huge problem.It gets in the way of our effectiveness
  • But I’m not here to feed you a bunch of fluff. We’re talking about requirements, today.
  • As an Information security professional, truth is that you are an excellent defender of NASA… if you can pull off a magical balancing act.
  • If you say No as a reflex
  • Now,it might go a bit too far
  • It could have an impact on the mission
  • Think about what exactly you are saying no to.Are you responding directly to a specific request?“I want administrator rights on this machine!”Do you ask them why, or kneejerk “NO!”What are some other ridiculous requests that you get?
  • Let’s talk about the people you work with
  • What are they trying to do? Do you even know? Have you asked? Do they build satellites? Do they run a training and education center?Do they make sure the bills get paid?L’Enfant’s Plan for DC
  • They are a component of the system that is NASA GSFCWhat they need from you is assurance that they can do their jobs safely. Diehl
  • So your people work on marvelousthings, complex thingsDealing with complex people, processes and requirements of their own, in order to contribute to even greater, more complex things Diehl
  • See the person, and what problem they are trying to solve.How does IT Sec enable them? Diehl
  • You are part of this. Think back to the basics….What are the 3 components of Information Security?ConfidentialityAccessibilityIntegrity
  • So, if they present you with a request don’t forget to look beyond confidentiality…have you asked what they are trying to accomplish? What problem they are trying to solve?Or are you comfortable not understanding? You should be aware that not understanding their role in the greater context actually introduces risk of its own.
  • Because you can offer alternatives. Ones that meet security requirements, and integrate with the constraints of our environment… But you can only do that if you start to look beyond “No” into the land of “Perhaps” Diehl
  • With knowledgeable questions, you can break down defensive postures… Find out what their needs actually are.Maybe the prickliness perceived by each side isn’t actually true.Who is the defensive hedgehog?
  • Be careful about that reflex
  • Do you want the relationships to be better? Assume noble intent on their part. Go in with noble intent yourself.Don’t sabotage the relationship from the start.Start asking “What are you wanting to do”
  • You may find that sometimes what looks like anger [and hostility], is actually pasta.
  • Old habits die hard. On both sides.If you’ve made yourself an obstacle to completing their work, your customers have gone, and will actively continue to go around you, ultimately creating more risk.
  • Remember that badgering gets you nowhere.Don’t get caught up in personal battles. Just because you are being more mission-focused, doesn’t mean that the atmosphere around you will change overnight.Badgers: Original flash animation: Your Meme:
  • Because they just want to do their work.
  • So, how do you see the people and their requirements in the organization?
  • While most have same basic requirements, their individual roles sometimes come with a not-so common set of additional IT requirements.They must use a legacy program that wants to write it’s data to the Program Files folder… that you could redirect outside of the folder…Sound familiar?
  • Anyone want have a similar story to share that has information that could be reused? Successful strategies?
  • The more personally invested you become, the easier it is to do these things:Asking “How can I help?” “what are you trying to do?”Have you made yourself part of their mission?Do you know it?Are excited by it?Are *curious* about it?Are you proud to be part of it?If you aren’t, why not?
  • The way you are treated will likely change, tooYou get to demonstrate your knowledgeYour competenceYour analytical abilityYou are a valuable professional
  • Because your security role significantly helps them to be more effective.This is NASA. The response of NO has a different meaning here. We do impossible things.
  • The fact that you careAbout their workAnd their success.You become a trusted part of the team.Yes, it is “My Little Pony: Friendship is magic”. I’m going to love and tolerate the $&*! out of you. Deal.


  • 1. I’m not happy ‘till you’re not happy
  • 2.
  • 3. I’m not happy ‘till you’re not happy
    Building better Information Security relationships
    Heather Diehl, PMP | Enterprise Architecture | ITCD, 702
    Information Assurance @Goddard
    June 27, 2011
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. My photo. Thanks!
  • 13. My photo. Thanks!
  • 14. My photo. Thanks!
  • 15.
  • 16.
  • 17. My photo. Thanks!
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32. Upcoming IA@G Events
    Certified or Certifiable
    State of the Hack
    And… ZOMBIEFEST 2011
    Sign up for the IA@G mailing list