Hacking Is Easy, Managing Is Hard


Security is one of the hardest industries in the world in which to have a long-term career. By extension, that makes security people the hardest to manage, especially as you go to a higher level of technical skill.

In the life cycle of technology, security issues are at the front. When a new technology comes out, it has lots of vulnerabilities, whereas when it’s been around for fifteen years, it has many fewer. What does that mean if you’re building a career? It means that your skills are out-of-date every 36 months. Every one of us in security has to reinvent ourselves every 36-48 months or we wash out. And if you’re two cycles behind, you’re unemployable.

It’s a bit insane to manage people who are so information crazed that they have to constantly reinvent themselves. To manage career development, to keep those folks happy, challenged and motivated, is incredibly difficult. When you are moving into management, it’s not about science, it’s about people.

Unlike the corporate world where upward movement is expected, being a manager in security is something you have to really want to do. You move from being a smart, savvy nerd who gets a lot accomplished, to managing forty smart, savvy nerds and the trick is to understand you can get better results and solve bigger problems than you can by yourself. You take those forty and make them smarter and motivate them to get more things done. That’s how your performance is measured.

If you want to manage, you need to read “High Output Management” by Andy Grove. It is the bible on technical management. The idea of the book is that a manager is successful when two things happen: first, their organization performs well, and then everybody on their team performs well. Management is the ability to solve problems through other folks.

If you hate meetings, you should reconsider your interest in moving to management. A manager’s currency is meetings. A good manager is either holding a meeting or prepping for one. Three things should happen in a meeting: the transfer of information, decision making and influence. A really good meeting has solid context. And don’t shy away from conflict. If everyone walks into the room and completely agrees, why have the meeting? When people start to debate, everyone listens. That’s a good thing.

For more details, check out the full presentation from BSides LV below:

Hacking Is Easy, Hiring Is Hard: Managing Security People from CyberSecJobs on Vimeo.

This entry was posted on Thursday, November 02, 2017 6:45 am
