Welcome to Collaborative Strategy Guild, where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
Mike Rothman of Securosis stirs things up a bit with his “Risk Metrics are Crap” post. This type of exercise forces participants to make public commitments. In itself, this is not a huge deal, since many positions of those in our space are relatively well documented already; however, anyone familiar with Cialdini knows that commitment serves to reinforce positions and not promote compromise or learning. Not surprisingly, nobody changed sides. In fact, nobody moved an inch (or maybe that’s a “teeny-tiny bit” for those quant-averse participants).
More importantly, nobody is budging because there is nothing new here. Mike simply took semi-random potshots at risk quantification, used a lot of potty language and then sat back. Perhaps the most… Continue reading: Attention InfoSec Pros: measuring risk is in your future
(is that title the proper English spelling of two kids disagreeing? who knows…)
Andrew Gelman’s enlightening blog points to a great example of how scientific research helps us get smarter. He excerpts:
Three articles published [by Brett Pelham et al.] have shown that a disproportionate share of people choose spouses, places to live, and occupations with names similar to their own. These findings, interpreted as evidence of implicit egotism, are included in most modern social psychology textbooks and many university courses. The current article successfully replicates the original findings but shows that they are most likely caused by a combination of cohort, geographic, and ethnic confounds as well as reverse causality.
[Unfortunately, the entire original appears to be behind a paywall.]
The studies… Continue reading: Nuh, uh; Yuh, huh
Susan Hall at IT Business Edge revisits hard-to-quantify achievements and resume writing –
While wrapping up my post on hard-to-quantify achievements, it occurred to me that one of the examples sent in by Diana Kelley, founder of Security Curve, illustrates other resume-writing advice. A device known as SAR – situation, action, result – can provide structure to your stated achievements in resume writing and in interviewing.
Here’s what Kelley wrote: Achievement: Changed password policy. Wording: Using SIEM and monitoring tools, identified high level of password resets on two critical systems (the situation.) After completing risk assessment work, managed password life-cycle change from 30 to 90 days, (the action) which reduced help desk calls by 40 percent and resulted in… Continue reading: SAR: Situation, Action, Result and Hard-to-Quantify Achievements
Susan Hall just posted a piece over at IT Business Edge to help resume writers with concrete advice on how to word achievements that are hard to quantify.
My contribution was:
Also responding was Diana Kelley, founder of Security Curve. She’s a 20-year veteran of IT security and former IT hiring manager. Per my request, she offered specific examples of the resume wording she would use:
1. Achievement: No data loss-related security incidents. Wording: Put into place data-access controls and data leak prevention tools that resulted in no data breach events for the 38 weeks since implementation.
2. Achievement: Helped with audits. Wording: Prepared and completed pre-audit checklists for PCI and HIPAA compliance. Organization passed both audits for 2009 and 2010.
3. Achievement:… Continue reading: What if Your Achievements Are Hard to Quantify?
So, I realize this came out a while back, but I was re-reading the interesting read today over at the NY Times about the hidden costs of extra airport security.
Basically the point of the article is that the TSA backscatter imaging scanners, when they create a backlash, have a hidden cost in terms of overall airport traffic. That, in turn, has an impact on the aviation industry’s economics. And that, in turn, impacts the economy as a whole. Most folks are familiar with this line of thinking already, but what struck me was the way that they systematically studied the decreased traffic effect to see whether there was a… Continue reading: Half-baked idea #222: Risk Management, RoI, and Hidden Costs