I am guessing most of the readers of this blog are in the University of Washington’s Masters of Science in Information Management (MSIM) program. For those that aren’t, the MSIM program focuses on connecting Technology, People and Information. I am sure you have heard the statistics about how much information is out there. With the advancement of the internet, we have caused the amount of information in the world to explode. All of this is well and good but the problem arises when you try to make sense of the information. I was watching a TED talk recently that was basically an overview of what the MSIM program is without meaning to. The talk is given by Thomas Goetz and it focuses on two things, first the use of fear to accomplish things and secondly the idea that more medical problems could be solved not by better medicine but by better information presentation.
As a security professional the idea that fear wasn’t the best way to relay information was something that I hadn’t considered before. If you have heard any sort of talk in regards to Computer Security you have heard that a hacker can steal you identity, your bank account and with a little effort your first-born. Okay so I am exaggerating a little but every talk I have given or heard about Computer Security has been about the negative effects of not securing your network. Then after giving presentations about how there is never a secure system they wonder why executives haven’t approved their expanded budgets. I believe we, as security professionals, are going about this all wrong. Instead of focusing on how impossible security is, we need to start focusing on how we can make the network better overall with the enhancements that security brings. In this realm I have found that UX people do a good job for the most part. When they make a presentation about a new website design they don’t sit there and say how little traffic and how confusing the current User Interface (UI) is and then sit down. They quickly go over part of the problems the current UI and then go on to show how well their UI will work and what it can bring to the table. Now this might just be an issue for Security professionals but I have a feeling it isn’t. Overall, as professionals, we need to focus on the idea that has been thrown around this blog, and that is the Value Added principle. Focus on what value you are going to add to the company and how much it will help in the short and long-term.
Now as a final statement, this doesn’t only apply to people working. If you are looking for a job focus on what you can do for the company. If you can get the other person even a little bit excited about what you could do for them or the potential you have to help their company you will stay in their mind. And believe me the more good things you give the interviewer to remember you by the better.
Now I realize that this may not be new to most of you but I found the talk incredibly interesting. I have a link to it below in case anyone is interested. What are you thoughts? Is it better to go all positive? Are there any drawbacks of only focusing on the Positive? Or is it better to talk about a combination of fear and potential?