I'm Not Happy Till You're Not Happy


Building better Information Security relationships

Published in: Technology, Sports
  • What brought you here? Role? Interest? The title? Let me tell you about the title… Luke Drury. I thought it was hilarious… till I thought it was sad.
  • We’re spending a lot of time saying no to our customers, aren’t we? This is a problem.
  • The reputation is a bad one to have. The No attitude, or at least an undeserved reputation, is a huge problem. It gets in the way of our effectiveness.
  • But I’m not here to feed you a bunch of fluff. We’re talking about requirements, today.
  • As an information security professional, the truth is that you are an excellent defender of NASA… if you can pull off a magical balancing act.
  • If you say No as a reflex
  • Now, it might go a bit too far
  • It could have an impact on the mission
  • Think about what exactly you are saying no to. Are you responding directly to a specific request? “I want administrator rights on this machine!” Do you ask them why, or kneejerk “NO!”? What are some other ridiculous requests that you get?
  • Let’s talk about the people you work with
  • What are they trying to do? Do you even know? Have you asked? Do they build satellites? Do they run a training and education center? Do they make sure the bills get paid? (L’Enfant’s Plan for DC)
  • They are a component of the system that is NASA GSFC. What they need from you is assurance that they can do their jobs safely. (Photo: Diehl)
  • So your people work on marvelous things, complex things. Dealing with complex people, processes and requirements of their own, in order to contribute to even greater, more complex things. (Photo: Diehl)
  • See the person, and what problem they are trying to solve. How does IT Sec enable them? (Photo: Diehl)
  • You are part of this. Think back to the basics… What are the 3 components of Information Security? Confidentiality, Accessibility, Integrity.
  • So, if they present you with a request, don’t forget to look beyond confidentiality… Have you asked what they are trying to accomplish? What problem they are trying to solve? Or are you comfortable not understanding? You should be aware that not understanding their role in the greater context actually introduces risk of its own.
  • Because you can offer alternatives. Ones that meet security requirements, and integrate with the constraints of our environment… But you can only do that if you start to look beyond “No” into the land of “Perhaps”. (Photo: Diehl)
  • With knowledgeable questions, you can break down defensive postures… Find out what their needs actually are. Maybe the prickliness perceived by each side isn’t actually true. Who is the defensive hedgehog?
  • Be careful about that reflex
  • Do you want the relationships to be better? Assume noble intent on their part. Go in with noble intent yourself. Don’t sabotage the relationship from the start. Start asking “What are you wanting to do?”
  • You may find that sometimes what looks like anger [and hostility], is actually pasta.
  • Old habits die hard. On both sides. If you’ve made yourself an obstacle to completing their work, your customers have gone, and will actively continue to go around you, ultimately creating more risk.
  • Remember that badgering gets you nowhere. Don’t get caught up in personal battles. Just because you are being more mission-focused doesn’t mean that the atmosphere around you will change overnight.
  • Because they just want to do their work.
  • So, how do you see the people and their requirements in the organization?
  • While most have the same basic requirements, their individual roles sometimes come with a not-so-common set of additional IT requirements. They must use a legacy program that wants to write its data to the Program Files folder… that you could redirect outside of the folder… Sound familiar?
  • Does anyone have a similar story to share that has information that could be reused? Successful strategies?
  • The more personally invested you become, the easier it is to do these things: Asking “How can I help?” “What are you trying to do?” Have you made yourself part of their mission? Do you know it? Are you excited by it? Are you *curious* about it? Are you proud to be part of it? If you aren’t, why not?
  • The way you are treated will likely change, too. You get to demonstrate your knowledge. Your competence. Your analytical ability. You are a valuable professional.
  • Because your security role significantly helps them to be more effective. This is NASA. The response of NO has a different meaning here. We do impossible things.
  • The fact that you care. About their work. And their success. You become a trusted part of the team. Yes, it is “My Little Pony: Friendship is magic”. I’m going to love and tolerate the $&*! out of you. Deal.

    1. I’m not happy ‘till you’re not happy
    3. I’m not happy ‘till you’re not happy. Building better Information Security relationships. Heather Diehl, PMP | Enterprise Architecture | ITCD, 702. Information Assurance @Goddard. June 27, 2011
    12. My photo. Thanks!
    13. My photo. Thanks!
    14. My photo. Thanks!
    17. My photo. Thanks!
    32. Upcoming IA@G Events: Certified or Certifiable; State of the Hack; And… ZOMBIEFEST 2011. Sign up for the IA@G mailing list
    33. LATE OCTOBER