Personal integrity the keystone in an infosec career

Bookmark This (opens in new window)

The information security field is experiencing a high rate of growth in virtually every industry in every corner of the world.

More than almost every other profession, information security places high demands for personal integrity on all practitioners , regardless of the specialty that is practiced. In general information security professionals act as consultants to many business departments and functions, providing guidance or performing analysis, in order to identify and reduce risks. Information security professionals often act as “change agents”, to influence how other employees do whatever it is that they do, but in a way that reduces risk. Here are some examples:

  • Workstation use. If we tell people not to install unsupported programs, then we should not do so either. If we tell people to lock their workstations and take measure to prevent their accidental loss, then we must also take those same precautions.
  • Internet usage. If we tell people not to visit unsafe sites, then we should follow suit. If we tell people not to propagate chain letters, then we should not do that as well.
  • Data protection. If we instruct employees to encrypt sensitive data, then we must also encrypt sensitive data.

In short, we lead by example. To be caught doing what we say others should not do will diminish our credibility. Without our credibility, how can we expect others to follow our lead?

Personal integrity spills over into our personal life. Integrity knows no boundaries. If we lie, cheat, and steal outside of work, that taints our judgment and prevents our ability to perform at the level required of us. If we perform at a low standard on or off the job, we will tend to expect less of others, and we’ll be less apt to challenge others on their own actions. That will make us far less effective.

Advertisements

3 thoughts on “Personal integrity the keystone in an infosec career

  1. andyitguy

    Peter, I like the way you think. I have written about this very thing several times. I think that personal integrity can’t be left at home or wherever people want to leave it. I also agree that we have to practice what we preach. Some people think that I have a too simplistic view of things, but I think it is just common sense.

    This is the first post of yours that I’ve read but after looking over you site I think that you definitely need to be on my RSS feed so I’m going to add you.

    Reply
  2. Pingback: What security professionals can learn from Eliot Spitzer « Securitas Operandi™

  3. Pingback: Integrity and intellectual property « Securitas Operandi™

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s