---

@Lamont29 wrote:

Once upon a time, there was an organization that did not appreciate the management skills of the middle manager who was largely successful at keeping the work synergies between the security team and disparate organizations – until that middle manage accepted another job. Then all hell seemed to have rained down on that organization that did not recognize that middle manager’s value. This is what irks me the most about the sentiments of organizations that don’t bother learn nor care about the overall health of their organization.

 

Veterans who have served in leadership positions seem to know this value better than most CIOs that I know. Of course, those military-experienced leaders should have been transformational or ‘servant leaders’ themselves. But yes, I think that (ISC)2 has tried to some extent to provide pointers to this soft skill, but it’s probably not given the treatment (and should not in the CISSP track) that it should be given. Over and beyond the CISSP, security professionals should go on and seek further management and soft skills. I will probably have to let go some very valuable technical professionals, because for too long, previous managers and supervisors have allowed a destructive attitude to prevail that causes poor morale in the environment – and that’s a shame!

 

It seems that we are no further now in the information security domain than we were times past when business managers identified the most technical professional and made them supervisors of their IT departments. It did not work then and it will not work now.

---

I like a could story that begins with "once upon a time". I echo your sentiments about organizational culture and caring about the health of an organization. Management impacts performance! From my vantage point middle-management has always had a short shelf-life in tech and that is super disruptive to staff unless they are used to having autonomy and just doing their job writing code and build software. I agree that promoting technical people into management doesn't work, they become micro-managers and that stifles innovation and causes mass turnover until they find the right minions to toe the line. What can we do to convince the senior execs and our friends in HR to make the right choices that will shape our future CISOs?

---

@Lamont29 wrote:

Once upon a time, there was an organization...

 

It seems that we are no further now in the information security domain than we were times past when business managers identified the most technical professional and made them supervisors of their IT departments. It did not work then and it will not work now.

---

I like a good story that begins with "once upon a time". I echo your sentiments about organizational culture and caring about the health of an organization. Management impacts performance! From my vantage point middle-management has always had a short shelf-life in tech and that is super disruptive to staff unless they are used to having autonomy and just doing their job writing code and build software. I agree that promoting technical people into management doesn't work, they become micro-managers and that stifles innovation and causes mass turnover until they find the right minions to toe the line. What can we do to convince the senior execs and our friends in HR to make the right choices that will shape our future CISOs?

And probably the other point to make is that it takes considerable time for middle managers to establish themselves and become trusted within many organisations. So if you have a high turnover your organisations strategies stall; most strategies being emergent rather than entirely top down.

 

I'd estimate it takes about 3 years to become widely known and trusted within an organisation. It takes that long, as whilst many can talk the talk, staff are canny enough to look for consistency over time and also that you deliver on what you commit to. Promises that aren't delivered on aren't forgotten easily.  And even those who you haven't promised a particular training course or on the job experience too can hold it against a manager.  There's really no substitute for getting to know the people you work with and what they're seeking by being there.

 

> Lamont29 (Community Champion) posted a new topic in Career on 07-25-2019 08:32

> This is what irks me the most about the sentiments of organizations that
> don't bother learn nor care about the overall health of their organization.

And "management" isn't "one size fits all": it comes in many shapes and sizes. As
only one example, for at least the past century, since companies started using
women in secretarial roles, the importance of the administrative and managerial
work done by secretaries has been disregarded. Most secretaries or EAs to senior
management actually fill office manager or middle manager roles (but, of course,
get paid more like front line workers).

After all, if a woman does it, it must be easy and unimportant, right? [1]






[1] - Just in case anyone missed the sarcasm, I want to make [badwords] clear that
this statement is decidedly *NOT* the opinion of the author ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
We do not cease to play because we grow old. We grow old because
we cease to play. - George Bernard Shaw
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Just wanted to share that we have some courses from PDI (aka free for (ISC)² members) that are somewhat related to this ... 

 

We have an immersive course on Strengthening Interpersonal Skills and an express learning course that just came out on Communicating with the C-Suite.