One of the main challenges that drew me to Information Security (and management in general) was that of helping to build a working culture that is genuine, sustainable and is aligned to support 'the vision'. I've had the benefit to have learned directly, and from the experiences of past bosses, leaders and mentors how not to approach cultural change initiatives: Knowing what bad change-approaches looks like, usually without any real clarity around what perfect (or even good! ) may be is a useful head-space to occupy. At least in the absence of knowing what to do, knowing what not to do provides a useful reference point. I find that this simple psychological tool helps me to sanity check if I'm falling into those past gotchas and traps as shared with me by the wise few who've been there, seen it, burnt that bridge, picked themselves up and started all over. Haven't we all? The challenge of raising Information Security awareness through driving a work
A career in Marketing, Technology, Information Security and Managed Services. Thoughts. Discoveries. Questions. Open sourced and candid. All views are my own.