Just how important is it for the Security Professional to have social skills?
It seems like a broken record. In addition to having degrees, certifications and experience. We are now supposed to glide seamlessly into the board room and converse equally well about business units and legal briefs. Its not enough to be technically competent, you’ve got to have a good golf game.
At Shmoocon in the closing plenary an audience member asked for a talk next year on preparing a 30 second security elevator talk. If you’re not familiar with the concept, it is that you have a brief elevator ride with an exec. You have their ear. How do you sell security before the door closes. My VP always asks “are we secure” when I see him. I’ve been told by my Infosec brethren that the answer is yes. Personally I think the answer is “HELL NO as long as users have local admin rights”. Or perhaps a joke, “you aren’t in handcuffs yet, so we must be doing something right.”.
Bill Brenner of CSO online obtained a good quote from the Hoff, Chris Hoff of Unisys and the Rational Security blog.
“The notion that everyone involved in security needs to be able to put themselves out there, get up and give a presentation to the board of directors is ridiculous. We still need skilled operators in the trenches, continuing to do what they do in the basement. Do I want to discourage someone who is fantastic at pen testing by telling them their career will be limited if they can’t put together a PowerPoint presentation for the board?