The Need to Deal with Internal Politics for Security Professionals

In an (ISC)2 Global Information Security Workforce Study some years ago, 46% of respondents indicated that their most time-consuming activities at work are “internal/political issues.” Based on my experience, dealing with such challenges continues to be a routine part of infosec professionals’ activities, and that shouldn’t be surprising.

We could view the preoccupation with organizational issues as a complaint that companies have too much red tape or internal politics, which prevent infosec personnel from doing their job. Alternatively, we could look at this statistic as an indicator of the type of activities in which security professionals must engage to be effective.

My recommendation is to accept and embrace the need to navigate the inner-workings of the organization. The success of a security project often depends on the extent to which infosec personnel have integrated with other colleagues in the business they support. After all, security is not a standalone discipline.

Dealing with political or other internal issues is part of most white-collar jobs. In the world of information security, there is a growing need for people who know how to communicate, empathize and talk the language of their non-security colleagues.

Note that (ISC)2 survey respondents averaged between 9 and 10 of experience, depending on where they lived. If you’re looking to stand out in this field, purely technical expertise probably won’t be sufficient. However, mastering the skills of navigating the political, cultural and strategic aspects of the organization can make you indispensable.

For more tips along these lines, see:

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more