It’s 3 p.m. in the largest conference room at our San Diego office, and it’s filled with members of the engineering team—most of whom were sporting homemade, tinfoil hats. A room of 30 people wearing tinfoil hats intrigued passing co-workers. One of them remarked, “Tell the aliens I said hello.” For the record, I’m not an engineer. I sit in information security, also known as infosec.
The engineers wore their tinfoil hats as a sort of tribute to my infosec team members and me. Everyone knows tinfoil hats protect the brain from threats, largely from mind control and mind reading. (Editor’s note: This is not an official LifeLock position.)
Turns out, we actually don’t have such skills. But in most companies, infosec professionals are generally stereotyped as “the hammer” or “the police”—the folks who prevent you from doing what you want to do. The intent of this meeting was to try to show the engineering team the true role and value of the infosec team.
The simplest way to describe an information security team is as a business enabler that allows the company to operate securely in an ever-changing threat landscape. The tinfoil hat is symbolic of what information security professionals do on an ongoing basis—they work to protect their corporate networks from various cyber threats and attacks, ranging from distributed denial of service (DDoS) attacks to malware infections to attempted access from unauthorized sources. We also work with our colleagues across the company to deliver—securely—on business goals and objectives.
And it’s right in line with our CEO’s approach. As Hilary Schneider shared earlier this year in remarks before the National Retail Federation, “Data protection must be the new corporate social responsibility mandate…Our customers—all our constituencies—trust that helping protect them is our top priority.” In her remarks and this blog post, Hilary gave credit to John Kindervag, senior analyst at Forrester Research for this concept.
Today’s meeting reminded me how important it is to keep an open dialogue between internal teams—to anticipate and resolve challenges quickly. Security policies, controls, and tools are deployed in order to protect the company’s assets and data—in our case that includes member and customer information. Still, this can sometimes affect my colleagues’ user experience. That can create friction between teams.
Not unlike your local police department, infosec wants to serve and protect—serve our business partners, so that they can deliver new products and services for our members and customers, and protect the company’s assets. It’s important that we all talk to each other, so that infosec knows when our processes, policies, and mandates create friction for the engineers (and others) and can work to reduce, if not eliminate, that friction.
Tinfoil hats and WD-40
Our members and customers should know that we’re on the same team–working to deliver the best products and services. Oh, and that tinfoil hats are not normal attire. They’re brought out on only special occasions. (Infosec colleague Charlie Cam and I model ours below.)
For my next meeting with engineers, I’m trying to think of what we can do in response—maybe bring along cans of WD-40, to show our commitment to reducing friction and helping our projects together run smoothly, so that we can deliver the best possible products and services for you, our members and customers.
Posted by LifeLock Cyber Defense Operations Director Dina Steinke