Simple Rules of (InfoSec) Career Success
Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of influence and are highly regarded as coaches for improving the lives of their teams.
Naturally, all of these behaviors are markers for success in any role, and this could be a much longer list - but, in my experience, these are the ones I’ve observed make the most difference consistently.
Take Action. Get stuff done whether it’s your job or not - take ownership. Make a difference in some way every single day - while audacious goals and actions are great, much success comes from persistent small steps, sometimes adapted from others. Copy fast and improve.
Focus on the Customer. Obsess on them (internal or external). View the world from their perspective & recognize their problems - but know that some problems are not ready to be solved, so need to be regularly revisited when the time or context is right - without prompt.
Have a Mission. Be clear on your goals, if you aren’t then work to create such clarity. Keep focus on the essential. Align missions among teams, yours and others. Look for cross pollination. Measure results vs. mission.
Be Who You Are*. At a personal & team level. Find a role that plays to your strengths or change the role to match your strengths. Be great at your core role, aim to grow/increase scope, but never neglect the core. [*be who you are - except if you behave like an a-hole.]
Believe in Your Team. If you equip people and get out of their way then they will astound you. Face contention and disagreement as sources of action - don’t merely seek to improve relationships - mine the root cause of this, there are seams of gold there.
Work on Yourself. Learn something new every day. Zen - take satisfaction in the process - doing the best you can - progress not perfection. Be curious and be ok with saying “I don’t know”, usually followed by, “But I will find out”.
Honor Your Sponsors. Be loyal but not meek. Confound people’s expectations (whether they are high or low) - amaze people with how commercial and helpful you are - especially in places where the status quo is far from this.
It is Always Your Fault. Golden rule for InfoSec: people not “getting” security is always our fault. We could have made a better solution, persuaded better, and so on. Think this even when something really wasn’t our fault - a better outcome will come from that too.
Bottom line : I’ve seen these attributes/behaviors work for many people, including me. The list is, of course, incomplete but when I look at all the other good things successful people do you can often see they are a result of these core behaviors.