Why security pros fail (and what to do about it)

06.12.2010

Problem #3: Not Enough Humble Pie

No doubt, customers across the globe would prefer to work with someone who has a positive, friendly, humble, patient attitude. Unfortunately, this description doesn't fit many security professionals (except when they are talking to other security professionals). Rather, we tend to bypass processes and demand urgent action for the-sky-is-falling-level priorities.

We preach against fear, uncertainty and doubt (FUD)--but we don't practice what we preach. Why? Because (regularly updated) FUD usually works. Security staff use legal compliance, dark-side hackers, malware problems, Third World threats and identity theft as trump cards. Staff can act as if these challenges are the only problems truly worth fixing. Bottom line, we forget our place and the reason for the security team's existence.

Key #3: Display Genuine Humility with Professional Excellence

The old adage "Pride comes before a fall" needs to be at the forefront of security professionals' minds. The bad guys are always getting better. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and on when you are truly done. What worked today may not work tomorrow. So be careful about the promises you make to others regarding the protections you are deploying.

Goals in this area should include good collaboration and following established project life-cycle processes that build in security. Declare an emergency only rarely, or others will think you are crying wolf. Seek to be a respected team player. Treat others as you would have them treat you. One tip: Join the office softball team or take part in some other fun company activity.