The Need to Deal with Internal Politics for Security Professionals

In an (ISC)2 Global Information Security Workforce Study some years ago, 46% of respondents indicated that their most time-consuming activities at work are “internal/political issues.” Based on my experience, dealing with such challenges continues to be a routine part of infosec professionals’ activities, and that shouldn’t be surprising.

We could view the preoccupation with organizational issues as a complaint that companies have too much red tape or internal politics, which prevent infosec personnel from doing their job. Alternatively, we could look at this statistic as an indicator of the type of activities in which security professionals must engage to be effective.

My recommendation is to accept and embrace the need to navigate the inner-workings of the organization. The success of a security project often depends on the extent to which infosec personnel have integrated with other colleagues in the business they support. After all, security is not a standalone discipline.

Dealing with political or other internal issues is part of most white-collar jobs. In the world of information security, there is a growing need for people who know how to communicate, empathize and talk the language of their non-security colleagues.

Note that (ISC)2 survey respondents averaged between 9 and 10 of experience, depending on where they lived. If you’re looking to stand out in this field, purely technical expertise probably won’t be sufficient. However, mastering the skills of navigating the political, cultural and strategic aspects of the organization can make you indispensable.

For more tips along these lines, see:


About the Author

Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. He is presently the CISO at Axonius and an author and instructor at SANS Institute. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more