It’s an exciting experience when you get your first leadership role to build, run and manage a function, whether it’s an IT function or an Information Security function. You want to do a good job, make a good impression and shine within your organisation. When reality sinks in, that excitement brings along a bit of nervousness with it. Because you want to get everything right.
I had this experience when I landed my first role to build and run a Security Operations function. It was an exciting period of my life and 2 years went past really quickly. One thought that always kept coming in my mind was, “Am I running my security operations function very effectively?” But then it’s not easy to discuss this with your manager, superiors or your peers because you want to be seen as a confident and a successful leader.
I moved jobs, changed countries and went on to do variety of roles since then. But this question never left my mind. What really helped me in reaching a conclusion were my learnings from my experience of running a startup consulting business. Finally, I came to the following conclusion:
There are number of areas where security functions either miss out or don’t do enough. We can be much more effective by running a security function as our own consulting business even though it’s part of an end user organisation.
Here is the mind map that describes the thought process behind this conclusion. Considering, there is a lot to explain about this mind map; it’s quite difficult to describe this in one blog post so I am going to write a series of blog posts explaining each box on this mind map. Finally, I will write one short blog post that will summarise all concepts.
Finally, I would like to leave you with the thought that we can be much more successful and effective in running and managing an information security function simply by “RUNNING SECURITY FUNCTION AS OUR OWN CONSULTING BUSINESS.”
Stay tuned for the next blog post where I will explain “Something to offer (Service or Product)” box on this mind map.