Share Your Program Management and Leadership Approaches at the 2019 Security Conference

min read

The program committee for the 2019 Security Professionals Conference has added a new track focusing on strategic leadership, professional and organizational development, and personnel management.

Image of shield protecting data
Credit: your / Shutterstock © 2018

For the 2019 EDUCAUSE Security Professionals Conference, the program committee has updated the tracks to include sessions focused on management and leadership. The new "Strategic Leadership, Professional and Organizational Development, and Personnel Management" track provides attendees with an opportunity to converse on topics that have been discussed in the hallways and at meals for years. As a supporter of this new track, I wanted to write about some of the discussions that led to its creation and some of my hopes for content at the event in Chicago on May 13–15, 2019.

During the first evening of the 2018 Security Professionals Conference, there was a showing of CODE: Debugging the Gender Gap []. This documentary about the underrepresentation of women in the software development field focuses on interviews with women working in software development, as well as people working to increase the number of women engaged in software development. After watching the documentary, the group had a great discussion that included descriptions of personal experiences being women in technology fields, experiences recruiting and retaining diverse teams, and some honest talk about things we all had done poorly or well to support team members with a variety of backgrounds. These weren't the first conversations we'd had on these topics, but it was new to have them as the focus of an official conference session.

The discussions in the room and in the hallways for the rest of the conference went well beyond the topic of engaging all genders. I spoke with attendees about hiring practices—casting wide nets that don't exclude or discourage candidates in a variety of ways. We talked about performance management techniques that ensure the process is positive and useful. People commiserated about the difficulty recruiting in smaller towns or competing with big companies next door. We talked about organizational changes and finding funding in tight budget cycles. Folks discussed successes and failures in articulating security needs to stakeholders and garnering support for the processes and teams. It was clear that the process of managing and leading information security teams is a key piece in the effectiveness of information security programs, and it seemed that perhaps there was enough discussion to warrant a separate track.

The idea of adding a management-focused track to the Security Conference became its own topic of discussion between sessions and during meals. We socialized the idea with some of the regular conference attendees, and people seemed to like the idea. EDUCAUSE staff took up the effort and brought it to the 2019 planning committee to consider including in the next call for proposals (CFP).

Now that the 2019 CFP is open, I started the ball rolling for a management track with a message to the EDUCAUSE Security Community Group to find peers interested in participating in a panel session talking about progressive recruiting and hiring practices. I hope to have some good partners to talk about great things they are trying out to improve their recruiting processes. While this topic is of particular interest for me at the moment, I know our community has a lot of management interests, and I hope to see more great topics for the new track:

  • Retaining infosec team members in highly competitive areas: Institutions in large cities or technology centers have some stiff competition for talented team members. Is it a fight? Is it a partnership? How do you build and retain a team with lots of other opportunities nearby?
  • Finding quality professional development opportunities on a budget (a favorite topic of discussion over the years): Pull together a group of institutions that each have a different take. Is the focus on cross training, books, MOOCs, vendor-sponsored sessions, or other training opportunities? Put together a cheat sheet of low-cost, high-quality options, and you can bet it will be read by a lot of people in our community.
  • Going beyond tactical professional development to help team members with career planning: The best personnel managers I know think about the long-term path for each of their team members and how to support them in moving down that path. How do you assist people in building that vision, figuring out the next step, and making decisions about new opportunities?
  • Techniques in articulating and demonstrating security value to stakeholders: Whether you do it with prose, metrics, or performance arts, ensuring that your institution's key stakeholders understand the role and the value of information security programs and teams is at the core of the job for information security officers. What approaches have connected with your stakeholders?
  • What it means to be supportive of a diverse set of team members: Diversity has many facets, so I'd love to see a panel that touches on multiple aspects such as technology accessibility, flexible work schedules, respecting personal identity (gender, ethnicity, religion, etc.), modeling behavior through action and words, providing awareness and training, ensuring open environments for discussion and feedback, and many more.

If any of these topics resonate with you, or if you have your own topic, please submit a proposal by November 12 to share your experiences (both successes and failures) with our community. I'll be there next May to join in the conversations!

Brad Judy is Information Security Officer at University of Colorado, System Administration.

© 2018 Brad Judy. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.