The Need to Deal with Internal Politics for Security Professionals

In an (ISC)2 Global Information Security Workforce Study some years ago, 46% of respondents indicated that their most time-consuming activities at work are "internal/political issues." Based on my experience, dealing with such challenges continues to be a routine part of infosec professionals' activities, and that shouldn't be surprising.

We could view the preoccupation with organizational issues as a complaint that companies have too much red tape or internal politics, which prevent infosec personnel from doing their job. Alternatively, we could look at this statistic as an indicator of the type of activities in which security professionals must engage to be effective.

My recommendation is to accept and embrace the need to navigate the inner-workings of the organization. The success of a security project often depends on the extent to which infosec personnel have integrated with other colleagues in the business they support. After all, security is not a standalone discipline.

Dealing with political or other internal issues is part of most white-collar jobs. In the world of information security, there is a growing need for people who know how to communicate, empathize and talk the language of their non-security colleagues.

Note that (ISC)2 survey respondents averaged between 9 and 10 of experience, depending on where they lived. If you're looking to stand out in this field, purely technical expertise probably won't be sufficient. However, mastering the skills of navigating the political, cultural and strategic aspects of the organization can make you indispensable.

For more tips along these lines, see:

Updated

About the Author

I design practical security solutions and shepherd them to a sustainable state. I used to be hands-on in many areas of cybersecurity and IT. Now I focus on strategy and leadership, treating security as an enabler that helps people and companies achieve their goals. As the CISO of Axonius, I lead the security program to earn customers' trust and fuel the company's growth. Earlier, I built security products and services. I'm also a Faculty Fellow at SANS Institute, where I help professionals develop malware analysis skills.

Learn more