var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', 'securityeverafter.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Saturday, April 2, 2016

Why Can't We Be Friends?

I recently posted the below on the SANS Internet Storm Center.

Now is the time for us to play match maker by setting our application and operating system owners up on their first date. We could call it Stake Holder Speed Dating (SHSD). In SHSD sessions, information security professionals can intentionally facilitate a closer relationship between two critically important, yet often times not very well connected teams. Application and operating system owners typically have much more in common than what each realizes. On their first SHSD session, several strategically placed questions could be used to get each team better connected by helping them recognize they should be together forever. Imagine if you will the conversation -

"So wait, you get notified in the middle of the night when bad or unexpected things happen on your systems? So do I! Would you mind adding me to your notifications? I bet it will help me know about potential problems on my systems ahead of time. That would be awesome and I can do the same thing for you as well”.

I see this as yet another reason to get up from our desks and walk around more. In addition to the positive health benefits of not staring at a screen all day long, it will also serve as a means to better "connect the dots” inside your own organization as well. The SHSD sessions do not have to be formal, in fact a brown bag lunch time session or perhaps an after hours get together could serve to foster these relationships quite well.

By exploring simple ways in which each team has a common interest, scenarios like this can be leveraged as a means to help each team understand how they can better help each other. Bonus points if they give greater insight to you as an information security professional.

We all benefit when realizing that we're all in this together. I encourage you next week to schedule time to pursue application and operating system owners in your respective organization. This simple act could very well facilitate a life long relationship that is beneficial for everyone. 

What success have you realized by nurturing the relationship between your application and operating system owners? Please share them in the comments section below.


Russell Eubanks