I lied!!
OK, the previous post said that it was the last (for now) in the “Things I’ve done wrong” series. It wasn’t; this one is.
There are other things I have learned, but those are a good starter for 10. For now, I think it is safe to say that, having learned the lessons, I'm better equipped to start making the sort of progress I want and the company needs.
From the above experiences, I looked for a publication that could provide guidance on the "from scratch" aspect of the role. I read "A Practical Guide To Managing Information Security" by Steve Purser which was a little vague in places but had a lot of good ideas. I've also bought a copy of "The Pragmatic CSO" by Mike Rothman of Security Incite (http://securityincite.com/blog/mike-rothman/the-pragmatic-cso-is-here) and having read the first section, it seems promising. I'm not sure it's going to teach me anything I hadn't already thought of but it is definitely reinforcing some ideas I have regarding getting buy-in and cooperation from others in the company. This can only be a good thing!!
In the previous post I said that it was demoralising to think that EVERYTHING needed to be explained. I have to get over this. I need to start thinking about this as a battle between good ideas and bad ideas. Like all battles, the side who is better prepared usually wins. So, I need to improve my preparedness and deliver the relevant information in a way that helps the opposition select the best way forward.
Basically, I’ve got to stop being lazy and start doing my job.


