Working for the Federal Gov't in Cybersecurity isn't usually the most exciting job in the world. There are moments, but the level of compliance in this workspace can take its toll on even the most open-minded and eager. Looking for suggestions from both the private and public sectors on how to help keep the job from becoming a chore and folks becoming complacent. I'm sure we're not the only organization struggling with this.
Just plug in that awesome looking Star Wars novelty USB stick you found in the carpark. It will soon become very interesting and unpredictable... 😉
Right sort of humor is of course essential, and here's some random thoughts.
When I was in the engine room we used to have a 'buy doughnuts for the team' policy if someone could access an unlocked computer. Would probably get arrested these days.
Role plays, scenarios all come into it - particularly on walk through's of incidents - have teams members research a technology and report back. Aim to send people to conferences, with objectives in pairs. Most of what keeps people ticking in people, or at least talking to them.
Run new technology evaluations, compare pros and cons for them. Ask for the ream to think how they would defeat these controls.
Have a mentorship program people can join.
Give people a path with a degree in it at the right level, a long team goal makes the drudgery go quicker.
Trust me when I say this, it's not just Cyber Security in the Federal Gov. I've been working for the Fed Gov space now for 7 years. Came from the private sector. The Fed Gov just moves too **bleep** slow!!! I'm not talking weeks, but YEARS!! In all areas. There are some real go getters. Some real pro-active people in the Gov that truly want to do great things, but there is such a bureaucracy that it just brings just about everything to a crawl. You have to be strong and stay true to who you are. Not give in to the lackadaisical attitudes that you run into. You can make a difference! I do, but not as fast as I would like to. Hang out with strong people like yourself. Don't give in. When you go home at night you KNOW you did your best no matter the obstacles thrown your way. That's how I handle every single day since I started. My goal is to make a difference. I'm not here to be liked. Respect is key. Earn your respect. Respect is golden...
Great points by Gunner.....
Government work is certainly different from private sector as motivations and rewards are entirely different.
That said, if your job in cybersecurity ins't "fresh" and challenging, you're doing cybersecurity wrong. 🙂
Having worked in the government for 20+ years I can offer my experience,
I got my start in information security by asking my boss who monitored the antivirus server console. She said "No one." I asked her if I could monitor it while waiting for the backup server to finish. She said yes and I got my start. I have constantly found that there are a lot of tasks going undone in the government because so few people want to take them on. Due to my initiative I was able to set up test networks, hacking networks, lab type environments, etc just by asking for permission.
Once I got into leadership I looked for the things that were opportunities. My goveie shop had become glorified paper pushers. I knew that type of work couldn't last forever so I set out to find work for them. I went through our entire industrial complex looking for Shadow IT that no one was maintaining, providing security or providing lifecylce support for. I also encouraged free-thinking and creativity. I setup a test network so my staff could practice hacking skills. I pushed for them to get education and training.
If you want to make it interesting look for the jobs going undone and don't be afraid to ask. A lot of times in the government, due to regulations, the government people have become the department of No. You need to find a way to turn it into the department of innovation. I guarantee there are opportunities out there just waiting to be found. It's up to you to take the reigns and go get it.
Thanks for your input. If you're reading this thread, I hope you realize the value of CISOScott's insights here. Take them to heart. THIS is how you get started, then find ways to male a real difference.
'cd' is such an underestimated Linux command. Is there an equivalent on Windows?