The Need to Deal with Internal Politics for Security Professionals
Nearly half of security professionals report internal and political issues consume most of their time. Rather than viewing this as red tape preventing real work, accept that navigating organizational dynamics is essential for security success. Purely technical expertise won't make you indispensable.
In an (ISC)2 Global Information Security Workforce Study some years ago, 46% of respondents indicated that their most time-consuming activities at work are “internal/political issues.” Based on my experience, dealing with such challenges continues to be a routine part of infosec professionals’ activities, and that shouldn’t be surprising.
We could view the preoccupation with organizational issues as a complaint that companies have too much red tape or internal politics, which prevent infosec personnel from doing their job. Alternatively, we could look at this statistic as an indicator of the type of activities in which security professionals must engage to be effective.
My recommendation is to accept and embrace the need to navigate the inner-workings of the organization. The success of a security project often depends on the extent to which infosec personnel have integrated with other colleagues in the business they support. After all, security is not a standalone discipline.
Dealing with political or other internal issues is part of most white-collar jobs. In the world of information security, there is a growing need for people who know how to communicate, empathize and talk the language of their non-security colleagues.
Note that (ISC)2 survey respondents averaged between 9 and 10 of experience, depending on where they lived. If you’re looking to stand out in this field, purely technical expertise probably won’t be sufficient. However, mastering the skills of navigating the political, cultural and strategic aspects of the organization can make you indispensable.
For more tips along these lines, see: