Tactical Advice

What My Love for the Yankees Taught Me About IT Security

The key to success with security lies in finding common ground with coworkers and peers.
This story appears in the Fall 2012 issue of BizTech Magazine.

Recently, during an early morning walk, I noticed a guy in a truck intently watching me as I stepped over some rocks. Before I could figure out his intentions, he sprang from his truck and said something to me. Focused on where I was walking and not expecting a conversation, I missed what he said.

I responded with an awkward, “What?”

His eyes locked on mine and his face broke into a smile as he pointed to my ­Yankees hat and commented, “Good game last night, right?” I then noticed the Yankees license plate on the front of his truck, smiled back and said, “Good pitching saved the day.”

We smiled, exchanged “Go Yanks!” and bid each other a good day.

I pondered the conversation the rest of the walk home. When I got back, I noticed my neighbor’s car had a Yankees logo on the rear window and I smiled. Later that evening, while driving around town, I took note of every person or car that had a Yankees logo.

In life, it is natural to find affinities. It creates a level of comfort and common ground with others. These same natural affinities many of us enjoy offer a powerful insight into how we can improve the way we practice security.

To build a security team that creates a natural affinity with people who might join or support it, start by considering three ­basic levels of interest people have in IT security:

  • Uninterested: Those who either know enough to protect their own information and resources, or for whatever reason are not interested in seeking help.
  • Interested: People who want help and guidance in securing information and ­resources.
  • Uncertain: Some people are on the fence. They seek more information before deciding if they can help themselves or need help from someone else.

Recognizing the different roles and needs of people is important because it helps define the team, including how the team is perceived and what the team is known for.

In my experience, it is important to build a team focused on helping others; instead of saying, “no,” seek ways to say “yes.” Invest the time and effort to explain security concepts in a way that’s easily understood.

By forming a team that focuses on the needs of others — both those who are direct­ly interested in security and those who are not — it is possible to create an affinity with everyone to come share their knowledge, ask questions and get the validation, support and results they seek.

The Affinity Approach

To be fair, while many love the Yankees, not everyone is a fan. Sports can be polarizing, but other affinities can serve as good models to consider. Cars or photography, for example, are other affinities that draw people together. Regardless of what bonds your team, the most important thing is that each member engages, contributes and supports the group’s overall efforts.

We need to not only create the team, but also create a reason for people to join the team. Instead of focusing energy on those who don’t need (or don’t think they need) the counsel of a security professional, focus instead on those who do or those who seek more information.

In the process, people who may not be security professionals by title, but who have the experience and interest to contribute, are welcome too. By setting a goal of broad inclusion and helping people make better decisions, the company can improve the entire practice of security.

Sign up for our e-newsletter

About the Author

Michael Santarcangelo

Michael Santarcangelo is the founder of ­Security Catalyst. Learn more at securitycatalyst.com or on Twitter @catalyst.


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.