Personal integrity the keystone in an infosec career

The information security field is experiencing a high rate of growth in virtually every industry in every corner of the world.

More than almost every other profession, information security places high demands for personal integrity on all practitioners , regardless of the specialty that is practiced. In general information security professionals act as consultants to many business departments and functions, providing guidance or performing analysis, in order to identify and reduce risks. Information security professionals often act as “change agents”, to influence how other employees do whatever it is that they do, but in a way that reduces risk. Here are some examples:

• Workstation use. If we tell people not to install unsupported programs, then we should not do so either. If we tell people to lock their workstations and take measure to prevent their accidental loss, then we must also take those same precautions.
• Internet usage. If we tell people not to visit unsafe sites, then we should follow suit. If we tell people not to propagate chain letters, then we should not do that as well.
• Data protection. If we instruct employees to encrypt sensitive data, then we must also encrypt sensitive data.

In short, we lead by example. To be caught doing what we say others should not do will diminish our credibility. Without our credibility, how can we expect others to follow our lead?

Personal integrity spills over into our personal life. Integrity knows no boundaries. If we lie, cheat, and steal outside of work, that taints our judgment and prevents our ability to perform at the level required of us. If we perform at a low standard on or off the job, we will tend to expect less of others, and we’ll be less apt to challenge others on their own actions. That will make us far less effective.