In an (ISC)2 Global Information Security Workforce Study some years ago, 46% of respondents indicated that their most time-consuming activities at work are “internal/political issues.” Based on my experience, dealing with such challenges continues to be a routine part of infosec professionals’ activities, and that shouldn’t be surprising.
We could view the preoccupation with organizational issues as a complaint that companies have too much red tape or internal politics, which prevent infosec personnel from doing their job. Alternatively, we could look at this statistic as an indicator of the type of activities in which security professionals must engage to be effective.
My recommendation is to accept and embrace the need to navigate the inner-workings of the organization. The success of a security project often depends on the extent to which infosec personnel have integrated with other colleagues in the business they support. After all, security is not a standalone discipline.
Dealing with political or other internal issues is part of most white-collar jobs. In the world of information security, there is a growing need for people who know how to communicate, empathize and talk the language of their non-security colleagues.
Note that (ISC)2 survey respondents averaged between 9 and 10 of experience, depending on where they lived. If you’re looking to stand out in this field, purely technical expertise probably won’t be sufficient. However, mastering the skills of navigating the political, cultural and strategic aspects of the organization can make you indispensable.
For more tips along these lines, see:
- Strong Communication Skills: 10 Tips for IT Professionals
- Situational Awareness for Information Security Professionals
- Developing Information Security Skills Through Deliberate Practice