- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
Learning to say no in your security career
Security has the reputation of being the “Department of ‘No.’” No, that risk is too great. No, we can’t take the chance. No, the likelihood of failure is too high. Most of us in the profession believe that the role of the security executive is not to say “no,” but to lay out the risks, costs, relevant factors and let the business or asset owner make an informed decision whether to go forward.
On a personal level, however, it’s imperative to sometimes offer a firm “no.” Not on whether to take a risk, but whether to take on a new role or responsibility, volunteer at an association, earn a credential present at a conference, help with a job search, write an article, or take on a mentee.
During the COVID-19 pandemic, security departments found themselves with new duties, some of which naturally aligned with their mission — such as business continuity — and some that appeared to be one-offs, such as enforcing masking rules and making decisions on air filtration. In the aftermath, some security departments gained lasting health and safety duties without a concomitant increase in resources. In an emergency, saying no can kill your career and cripple your employer.
But most of the requests we receive don’t involve emergencies.
We all want to prove our value, pull our weight, support the team. Most of us are inherent helpers, protectors, and all-around doers. It’s in our DNA. But saying no appropriately and strategically goes to the heart of leadership.
I should know. I’ve never mastered it. And I’m not alone.
I asked a couple of colleagues to weigh in on this issue — a C suite advisor/consultant and a corporate security executive.
“I have to admit, I also struggle with saying no,” says Angela Scalpello, a Corporate Advisor who often works with security professionals. She has developed a system for evaluating requests for her time and assistance. “I ask for more time. Then I sit with the feeling of ‘how will I feel if I say yes?’” she explains. “If it’s overwhelmed, or stressed, or slightly resentful, I know I need to say no.” The process doesn’t end there. “Then I sit again, and if I feel I need to make time [for the request], I feel more guided.”
What about the feeling of guilt or sense you’ve let someone down?
“Sometimes I think, ‘Why is everyone else allowed to say no except me?’” Scalpello says. “The ability to choose wisely makes us more effective in the things we say yes to.”
As a security leader, Farhad Tajali, Director, Global Security Systems and Data Analytics at Creative Artists Agency, must team with various internal stakeholders as well as executive leadership. He notes that saying “yes” Is often seen as a facilitator of business and positive collaboration. But saying no is critical for being an effective leader. Saying no may be a way to uphold standards and protocols, prevent overextension of resources, and “protect against security threats that may arise from taking on too many projects and commitments,” Tajali says. “Additionally, saying no can help maintain strategic focus, ensuring that the organization’s security posture aligns with its overall goals and risk tolerance.”
Saying yes to everyone and everything also takes a personal toll. “Self-care, especially in [the security] profession, is really important,” Scalpello says. “Saying yes to yourself is critical, and you only have time to say that if you give yourself permission to say no to others.”
Letting someone down is easier if you don’t make it personal. If your boss asks you to do something that is voluntary or tangential to your job, an effective response might be that you fear that you may not be able to accomplish the task at your traditional level of excellence given constraints such as time and resources. In that case, saying no benefits the department and the organization.
For requests that don’t come from a direct superior, such as to co-present at a conference or actively help them search for a job, Scalpello sums it up nicely: “The question to ask yourself is, do I really believe in the person and the purpose, and do I really have the bandwidth to do this?”