To manage the smart guys, set them free

22.05.2006
I have two vacancies in the information security department, and I've been hunting for good candidates for what seems like months and coming up empty. But my search got me thinking about how I manage the people I have. I don't want to lose any of them.

I've been a manager for about 16 years. At first, I was the supreme micromanager. I wanted daily status reports. I looked over shoulders. I constantly asked questions.

Looking back, I'm embarrassed at how poorly I managed people. By the time I was managing security people, I had learned a lot.

First of all, these guys (that's an all-inclusive, male-and-female "guys") are really smart. Most are smarter than their manager, so pretending you know everything is an unwise approach. You should know enough to converse intelligently and to understand the issues. But you can't know everything about every device on the network. You just need to know which security issues should be addressed and have a good idea of how to address them.

I used to think that a good manager of technical people has to be fairly technical herself. But I've found that no matter how hard I try, I can't keep up with the pace of technological innovation. Every innovation has a security component.

If I spend a weekend learning the nuts and bolts of designing a customized virtual private network, I fall behind on understanding the security implications of Microsoft's latest operating system.