Explaining Your Progress to Clients or Colleagues

Your non-security colleagues or clients probably have a hard time telling whether you are doing your job well, unless you interact with them on regular basis. After all, they probably don’t understand the intricacies of your work, which makes it hard for them to judge its quality. What can you do about it?

Out of Sight, Out of Mind

As I wrote earlier post, people who don’t understand a specialized skill set estimate the value they receive by assessing the effort (usually time) that goes into the project. Nowadays many employees and consultants work remotely; this makes it harder to know how much people have worked on a given task. This can lead colleagues or clients to assume that the person wasn’t working hard enough.

The solution to this challenge may involve meeting with the relevant people more often by phone or in person. In addition, we should put effort into providing regular status updates electronically regarding both the tasks in progress and recent milestones. (At the same time, we must be careful not to spam people or annoy them with numerous unnecessary calls.)

Posters in the Subway

Consider an example from the world outside of information security:

New Yorkers were grumpy about the apparent lack of improvements in the city’s transit infrastructure. The Metropolitan Transportation Authority (MTA) was asking for additional funding and planned to increase fares; yet, the riders and policy makers didn’t understand how the existing money was being spent.

MTA responded with a PR campaign to highlight the improvements it was making to subways, buses and bridges. The advertisement posters, extolled the hard work of MTA employees and include the tag line “Improving, non-stop.” (It’s too early to say whether the campaign had the desired effect.)

What You Can Do

Perhaps your organization, department or self should launch a PR campaign to make sure that your colleagues or clients understand the work you do and how they benefit from it. Companies use similar tactics as part of a security awareness program or overall marketing campaigns, so this shouldn’t be a completely unfamiliar effort. Who knows, perhaps some day you’ll be receiving thank-you cards from appreciative admirers of your work.

Lenny Zeltser


About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more