People Security - Behavior Engineering and Information Security

 

CybersecurityBubbles.jpgThinking Outside the Security Blog

 

Check back often for blog posts and news about cyber security and vulnerabilities.

 

People Security - Behavior Engineering and Information Security
Written By: Rob Hatke ~ 6/24/2021

In the last blog articles, I talked about Motivations. In this article, I will talk about the Individual Capacity. As a reminder, the Barriers to Performance is provided below. Note that Individual – Capacity accounts for 8%.

BLOGPOST_BehaviorEngineering04202021B.JPG

Let’s dive into Individual Capacity. Yet again, I picked another small percentage. What gives? I am purposely discussing the areas people commonly “blame” for issues, but these are less impactful than people think. (Hint: Next blog will be about Individual Knowledge and Skills)

Hold on to your seat. I am going to say some things that will likely make people uncomfortable, or maybe even offend.

Often there is the saying “Wrong person for the job.” This is exactly what this barrier is all about. For Information Security, my opinion is the “right” person is someone who has passion, someone who is willing to put in the extra effort, and someone who is not in it just for the money. The above chart mentions creativity. In Information Security, that is instantiated by “thinking outside the box.” Sadly, I think the industry has produced schools that train people to all think and do the same thing. I have come across too many people in the industry that should be in other jobs. People’s response has been the same for decades to InfoSec problems (a topic for many many other blogs to come). InfoSec is a hard problem, people who are not willing to change or think outside the box will be a mismatch. Lastly, the best match for the InfoSec role is best summed up by a quote from Mike Rothman “…it’s not technical chops that make the best security folks, it’s the attitude and high threshold for pain and frustration.”

I hope this blog article has caused you to “think outside your security box.” Stay tuned for future blogs on Behavior Engineering.


Share this post!