4 Do's and Don'ts of NetworkingIt Really Does Come Down to Who You Know
Earlier this year, an Israeli credit card company and Anti Drug Authority were hacked. A Saudi hacker was responsible. Soon after, a cyber war began to brew between the hackers of Israel and Saudi Arabia, and Israeli hackers retaliated by hacking the websites of two major Arab banks.
See Also: Threat Report: 2022 State of the Phish
This was big news for Abbas Kudrati, information security manager at the National Bank of Kuwait, as he needed relevant information about these crimes quickly, so he could take action to protect his institution.
Through his personal network, Kudrati immediately received alerts letting him know about the incident and possible measures he needed to address.
"If I would not have been connected with other CISOs and business leaders, the incident would have adversely impacted our bank," Kudrati says. "It was purely my networking that saved us and gave us time to defend ourselves appropriately."
Kudrati's experience illustrates the power of networking. CISOs today spend up to 30 percent of their time building and nurturing global networks both internally and externally to remain updated on threats, new product applications, career opportunities and exchange ideas around the overall management of security.
"Networking is more crucial now because there is so much going on in so many places that if you don't have a valuable network of people, you literally struggle to be an effective security leader," says Theresa Masse, chief information security officer for the State of Oregon. "As a leader, you can't be everywhere, so you need other people watching out for you."
Within their own organizations, CISOs find that building close relationships with chief technical officers, IT architects, project managers and senior business leaders helps in solving IT security issues as a team.
For instance, during routine penetration studies, John South, CISO at Heartland Payment Systems, a payments processing company, often finds a few codes that need to be modified to close vulnerabilities within the infrastructure. His close association with his coworkers actually helps in easing the process, as they work as a team to fix the problem rather than pointing fingers at each other. "I always find that creating that bond with people helps in accomplishing greater team effort, rather than us writing and enforcing a policy," South says.
For Masse, building internal networks with state and local agency directors is crucial to gain their trust, support and partnership to implement IT security initiatives at the enterprise level.
"They need to know who you are as a leader," Masse says. "Especially when budgets and resources are less, it's these relationships that you can bank on to get more cooperation and engagement."
Externally, these security leaders build strong relationships with other CISOs, CIOs, researchers and the vendor community to stay updated on trends, threats, current topics and new product applications.
"Security is no longer just a company's issue or problem. Its reach and impact is beyond an industry's scope," Kudrati says. "Today we all need a certain level of security, and only building a good network can strengthen the safety of our operations."
Building Global Networks
To build global relations, CISOs actively participate as members with professional training organizations including (ISC)2 and ISACA. In addition, they connect with leaders through social media channels such as LinkedIn. Nationally, they spend substantial time meeting other executives in formal settings such as CISO Executive Forum, and conferences such as RSA, Gartner and other vendor-hosted events. "The formal meetings end up introducing everyone, and there is always an opportunity to meet someone valuable through these avenues," South says.
Informally, leaders engage in frequent lunch meetings, team-building engagements, phone conversations and e-mails with their internal and external relationships. "I don't hesitate to pick up the phone and say, 'Hey are you seeing this; what are you doing about it?'" Masse says. "Or internally, I schedule meetings to know what my team members and directors are thinking."
The benefits of networking include the ability to share and pass information to help other leaders be effective, to have people around to discuss ideas and to establish relationships that further strengthen the industry.
"It's absolutely a two-way street," South says. "If you are not sharing, but only taking, then it does not benefit the process."
But security leaders point out that there are bad ways to network, too. "Bad networking is either being too aggressive or persistent," Masse says. "No one wants to feel someone else is just using them or is only concerned about their own best interest."
Do's and Don'ts of Networking
The four do's and don'ts of networking include:
- Do Engage in Networking with the Right People: Masse's approach has been to indentify the right people in leadership roles internally and externally, and then building relationships with them. "If you are targeting folks in your profession, or area of interest, you are bound to connect with a few good people who may then recommend others to contact," she says.
- Don't Share More Than Basic Information: Kudrati usually shares information related to his work profile, current news and credentials as he networks with his peers and others. He totally avoids communicating any company-sensitive and critical project-related information, or any details on new products and applications. In addition, he abstains from negative discussions involving senior management. "Use your common sense in sharing information while networking," Kudrati says. "Over-sharing information can get you in trouble and impact your credibility adversely."
- Do Expand Your Reach: It is critical for CISOs to go beyond their counterparts and establish relations with vendors, researchers, business leaders and analysts to better understand IT security trends, IT's impact on business and the need for appropriate investment in emerging tools. South maintains good relationships with groups such as the electronic crime taskforce, InfraGard, the Financial Services Information Sharing and Analysis Center and U.S. Secret Service to ensure he's doing his best to create a pipeline of contacts when the need arises. "These alliances are really exposing the CISO role and pushing them outwards in being able to share and receive information that can help them secure the industry."
- Don't Use Networking For Your Interest Alone: Using networking only as a means of self promotion, trying to sell something or because you're desperate for a job is a bad idea, Masse says. These actions defeat the whole purpose of networking and lessen the leader's credibility within the industry.
"Good networking involves getting out and letting people know who you are, sharing your thoughts, ideas and creating respect for what you do," she says.