Are You An Accidental Security Officer?

By Rich Loeber

How can you be a more effective security officer given that you probably are in the job completely by accident? This tip will explore this idea and provide some suggestions for you.

Computer Security, as a specialty, is still fairly new. Chances are, you did not get into this field by taking it as a major in college or going to a technical school and specializing in the field. As I look back over my career, I can recall lots of people who ended up working in various segments of IT who came from some of the wildest original intentions. One guy I worked with came from a background as a pitcher for the Pittsburgh Pirates followed by a long career as a plant manager for a chemical plant. Another started out in college to be a psychiatrist. For my part, I never even went to college but got started in IT right out of high school working as an input/output control clerk. I suspect that we are all "accidental" security officers.

So, how do you become an effective security officer considering that your training and education probably did not prepare you for it? It's a very good question to ask yourself.

I recently published a couple of tips about how to learn the security officer position. I encourage you to check these two articles out, Learning To Be A Security Officer and Learning .... Part 2, as a starting point. But, for today's consideration, you need to do some introspection before heading out to become a better security officer.

A lot depends on what you did prepare for in your career. If you prepared to become a programmer, then you probably don't need to concentrate on the programming aspects of the security officer function. In fact, you may have a tendency to stick with these tasks because they are most familiar to you and you are very comfortable with them. It is a fact of human nature that we tend to go where we are appreciated and where we can demonstrate competency. So, if you find yourself hanging around where you already know how things work .... it is time to move out.

To become an effective security officer, you need to back fill the areas of learning that you never prepared for in the first place. This is where the introspection comes in. For my part, I started out as an application programmer. When I got to the whole area of security, it was a new arena for me and I found that communications and networking were my weakest spots. I still have trouble fully understanding how TCP/IP works and how to really secure it so that it is foolproof (if that is even possible). Worse, the people who do know how TCP/IP works all appear to speak a foreign language that is liberally peppered with three and four character acronyms that I'm supposed to know the meaning of.

Once you've identified your "weak" area or areas, then you need to identify resources that can help you to understand concepts and strengthen your security consciousness. I always try to start by finding a peer or an associate who knows that stuff and pick their brain. Then, I see if they can give me recommendations on reading materials, websites and publications that can help.

I also have to confess to you that I am still a reader of technical manuals and IBM Redbooks. Having them all on-line is a real benefit these days and when I have spare time, I will often go browsing in the manuals library to find what's new and see things that I haven't read before. I know that the manuals can be pretty dry reading, but they really do contain the manufacturer's explanation of how things are supposed to work.

I'd love to hear from you if anything here strikes a chord with you. Do you have an unusual story of how you ended up as an accidental security officer? Send it in. You can reach me at rich at kisco dot com, All email messages will be answered as quickly as possible.