Use Your CISSP Certification to Be an Agent of Change

By Lawrence C. Miller, Peter H. Gregory

As a certified security professional, someone with a Certified Information Systems Security Professional (CISSP) credential, you’re an agent of change in your organization: The state of threats and regulations is ever-changing, and you must respond by ensuring that your employer’s environment and policies continue to defend your employer’s assets against harm. Here are some of the important principles regarding successful agents of change:

  • Identify and promote only essential changes.
  • Promote only those changes that have a chance to succeed.
  • Anticipate sources of resistance.
  • Distinguish resistance from well-founded criticism.
  • Involve all affected parties the right way.
  • Don’t promise what you can’t deliver.
  • Use sponsors, partners, and collaborators as co-agents of change.
  • Change metrics and rewards to support the changing world.
  • Provide training.
  • Celebrate all successes.

Your job as a security professional doesn’t involve preaching; instead, you need to recognize opportunities for improvement and lower risks to the business. Work within your organization’s structure to bring about change in the right way. That’s the best way to reduce security risks.