Category Archives: Leadchange

  • 0

Guide Dogs and Information Security: Raising Them to Enable

Category:Higher Education,Information Security,Infosec Communicator,Leadchange,Uncategorized Tags : 

My thoughts on another challenge facing infosec offices in higher education. It reflects my thoughts, and not necessarily those of my employer.

We had the privilege of being puppy raisers for Guiding Eyes for the Blind, an organization that provides assistance dogs for the visually impaired. Our role was to help the puppy become a mature adult who was able to fulfill his role as an enabler. Yes, it’s a stretch, but it’s also what an Information Security Officer does when “raising” an information security program. A mature information security program becomes an enabler for the business and users it supports. A mature guide dog enables the user it supports to go about his or her daily business. (And no, I’m not going to try to keep drawing parallels between the two experiences!)

In a university setting, maturing a security program and successfully accomplishing initiatives depends on cooperation and collaboration. In my experience, there is very little that can be mandated, unless required for legal compliance; even then, there may be significant resistance. Understanding the business needs of an institution will enable the Information Security Office to set the best balance between security strategies and other priorities at the campus level; thus, opening doors to acceptance of security initiatives.

Read More

  • 2

Infosec Strategies: Creating Centralized Efficiencies in a Decentralized IT Environment

Category:Higher Education,Information Security,Infosec Communicator,Leadchange,Risk,Uncategorized Tags : 

Information Security Wordle: RFC2196 - Site Se...

My thoughts on one of the challenges facing infosec offices in higher education. It reflects my thoughts, and not necessarily those of my employer.

The institutional challenge of creating centralized cost-effective efficiencies in an environment with a strong tradition of localized, decentralized IT solutions and personnel is normative in higher education.

An Information Security Office can create centralized efficiencies by:

  • Modeling an effective centralized service organization that is responsive to the individual needs of specific departments. (One way to accomplish this is by regular meetings with stakeholders to ensure that the Information Security Office can enable their business, rather than create barriers with unreasonable requirements.)
  • Providing centralized security services such as vulnerability scanning of web and servers and security reviews of proposed solutions.
  • Managing compliance initiatives such as private information remediation centrally, leveraging an extended team composed of empowered college and division representatives.
    Read More

  • 1

A review of Petrilli, The Introvert’s Guide to Success in Business and Leadership

Category:Infosec Communicator,Introverted Leadership,introverts,Leadchange,Leadership,STC,STC Rochester,techcomm Tags : 

Reading this book as an introverted leader, I’m encouraged to see that Lisa recommends and extends many of the same techniques I’ve found essential. I found that meeting individually with members of my admin council was a key enabler in a successful year. I also appreciated knowing that an introvert can rise to C level leadership.

Lisa refers to not faking it. However, I viewed my leadership  responsibility as a role that had duties and expectations to fulfil. I observed successful leaders and tried to emulate their ability to reach out to others to welcome them and affirm them.

I think the book is best suited for introverts who have been newly thrust into leadership. The section for extraverted leaders on how to lead introverts was also useful.


  • 0

Bridge Building: Establishing Communications Processes

Category:Communications Processes,Infosec Communicator,Leadchange,Lessons Learned,techcomm,Uncategorized Tags : 

image

This past fall we had the privilege of visiting Pont du Gard, a Roman bridge and aqueduct in Languedoc in the south of France. Although built primarily without mortar (except for the top course of blocks), Pont du Gard has endured for more than 2000 years, despite frequent spring floods.

The Pont du Gard aqueduct/bridge was built to provide clean water for the town of Nimes. Its builders understood the importance of building a structure that took into account the factors that would affect the bridge. They understood at least some of the pressures that would bear on that structure. They built the bridge accordingly. Its builders designed it to endure.

Geographical map of the aqueduct of the Pont d...

Geographical map of the aqueduct of the Pont du Gard. Map created using data from OpenStreetMap. (Photo credit: Wikipedia)

So, this blog is about communications. What does the Pont du Gard have to do with communications?

Much of my role as a technical communicator has been to build processes that enable the flow of good communication. I’ve had to factor in the context (pressures that will bear on the structure) in which I was building those processes. Those communications processes are the bridges (aqueducts) that I build. In distributed organizations, well built communications bridges are critical to the health of the organizations.

Over the next few weeks, I’m going to talk about bridge building.  First, I’ll discuss my initial attempts at architecting communications processes for a Fortune 500 organization that had outsourced key support processes in the midst of a major software/hardware infrastructure transformation. Next, I’ll discuss communications processes I’ve built in my role as an information security practitioner in higher education. Finally, I’ll talk about my current work to build a sustainable communications bridge that enables clear communications between a central organization and its distributed communities, ensures the concerns of those distributed communities are heard, and facilitates best practice sharing among those communities.

Enhanced by Zemanta

  • 10

Why Professional Conferences Matter

Category:Higher Education,Information Security,Infosec Communicator,Leadchange,Social Networking,STC Rochester Tags : 

I’ve heard a lot of discussion recently that professional conferences aren’t needed anymore because of the inter-connectivity afforded by the Internet. Why is it reasonable to spend hundreds or even a couple of thousand dollars to attend a face-to-face conference?

Over the last week, I’ve been part of the leadership teams for and attended two conferences, the STC Rochester Spectrum regional technical communications conference and the EDUCAUSE Security Professionals Conference in San Antonio. It’s been an incredible experience.

Here’s what I’ve found:

  • Spectrum provided an opportunity for me to meet face-to-face with people I’ve been talking to via social networking for almost a year. This is important because I was able to have indepth conversations with key leaders about critical issues affecting our profession. These conversations wouldn’t have been viable in social media. They may have been doable through Skype or phone, but the ability to read the nuances of a conversation when you’re not together is really difficult.
  • Spectrum also provided STC Rochester an opportunity to showcase our abilities (and to have those abilities affirmed by other community and society leaders.) It was important for our chapter to understand our connections and I think our membership was “blown away” that international leadership would attend. We were truly honored.
  • Spectrum provided state of the art content in technical communications. In the sessions I facilitated, Kristi Leach was able to test a usability session with peers and gain invaluable feedback and Hannah Morgan provided a fresh look at the importance of social networking in your branding and in your career.  Other speakers presented key information about current tools and the future of our profession.

The Security Professionals conference allowed me to see (way too briefly) colleagues that I speak with on conference calls and work with, but from a distance of thousands of miles. We’ve become friends and it’s great to be able to unwind with a team that’s worked hard together all year.

  • The Security Professionals conference gave me the opportunity to present with a panel of fellow practitioners that are remediating private information at our respective universities. It gave our audience an opportunity to hear how four schools are tackling similar problems and the “unvarnished” truth of the stuggles we’ve faced and inroads we’ve made. This was invaluable to our attendees, because they could ask questions and establish the networking contacts that will save them time and dollars as they tackle similar problems. We become resources for each other.
  • The Security Professionals conference also allowed me to work in tandem with Cherry Delaney of Purdue University, my former co-chair of the Awareness and Training Working group. We were able to share with a group of ISOs, information security practitioners (and even a CIO) the steps needed to create a holistic strategic Security Awareness plan and share examples of how we’ve approached the task of educating end users. We were also able to work with them in small groups to develop specific steps and put together the beginnings of an action plan.

The interaction at a professional conference is one of the key enablers to moving forward in your profession, becoming “unstuck” when you’re out of ideas, and establishing a network of contacts to help each other.

This interaction was helped by the fact that the conferences were of a size (120 and 350) where you could actually see the same people in several venues. Large conferences don’t always allow for that.

For me, professional conferences matter.

What do you get out of them?

 

Related content


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner