May 18, 2007 - #20
Mike's Pep Talk:
"You don't really want to hurt me. You don't really want to make me cry..."
- Culture Club

You knew it wouldn't be long before I broke out the Culture Club reference. Well, today is the day. Boy George lives. I don't know where and I don't much care about that, but he/she lives on and on and on.
Yes, there is a point. The folks that were kind enough to bring me into Columbus, OH for the All-Ohio ISSA/InfraGard/ISACA set up a round table discussion before the cocktail party last night. It was a great crowd and an even better conversation. I was all ready to get discussion moving around incident response and monitoring, but that was not to be.
The only thing the group wanted to talk about was CULTURE. Yeah, I was surprised as well. Sure, this is a pretty advanced group in a sophisticated security community, but still. It was surprising that their biggest issue remained how to get everyone on board with the security mindset.
Unfortunately, I don't have any silver bullets or panaceas for that. It takes brute force effort, consistently, over a long period of time to change a culture. And the impetus has to come from the top. One of the folks at the round table made a great comment. He talked about how the C-suite at his company has gotten on board and basically made it very clear that if they have to change passwords and carry tokens and have their web traffic and email monitored and all that other stuff that we security folk do, then the rank-and-file employee had better get on board as well.
Sometimes that's what it takes. Another round table member talked about how they recently did a training for one group of employees where HR, Legal and Security were all there at the same time to make it clear what the acceptable use policies of the organization are and why it's important to adhere to them.
Top-down thinking? Collaboration between functions? That was great to hear, but still the minority in the room. The clear message is that it CAN happen and it's something that you can do. But it takes perseverance. It takes a lot of work and it takes time. And when you get down in the dumps because the same user makes the same dumb mistakes over and over again, just break into song. I suggest Culture Club's "Do You Really Want to Hurt Me?" That should cheer you up.
UPDATE: The Maiden Voyage of the P-CSO boot camp has been moved to June 6. There are still a few slots left, so don't get shut out. Sign up today. More details HERE.
In this week's issue:
- This week's P-CSO Tip: No one is above the law
- P-CSO Bootcamp UPDATE: Session moved to June 6
- Newsflash: The first return
- New Program: Selling to the Pragmatic CSO
here and sign up today. Remember, this "maiden voyage" of the one-day seminar ON JUNE 6 in Atlanta is being offered at a special introductory price of $249. This is a 75% discount on the list price of $995 for the seminar and it INCLUDES the P-CSO book and a 30-minute pre-call with me. There are only 10 spots, so sign up today. You won't get this price again, EVER.