Diversity in security
The advancement of security disciplines, as with all professions, requires constant innovation. Professional development at the individual and team level are the most common approaches to achieve this, as we examine our goals and build strategies to achieve them.
As we develop as security practitioners and expand our understanding of our multifaceted industry we may discover surprising and revelatory resources beyond our usual scope of learning. It is by broadening our focus and examining diverse sources of information that we increase our development potential.
Diversity is a quality that is naturally integrated into much of what we do but it is worth looking at how we capitalise on the potential benefits. The risk of becoming stagnant or obsolete in an ever-changing world can be mitigated through intelligent application of these principles. It may be that diversity is the key to the security of your business’s future.
As a team of security professionals work together for an extended period of time, a consensus of thought can develop. This is usually encouraged - and for good reason - as the '(Company) Way of Doing Things'. Unfortunately, where points of view within a team become narrower over time, the opportunity for innovation can be lost.
Much as people walking the same route over grass will wear a path over time and those that follow will naturally follow that path, going through the motions of developing a security design, following the same path over and over, will lead you to the same destination. This can become dangerous for the professional development of the individual and the team, particularly if this destination, or outcome, is encouraged as the only destination that ever needs to be arrived at.
The approach of 'this is the way we’ve always done it' style groupthink can lead to stagnation of design philosophy instead of fostering a culture of innovation. Embracing differences in approach and mindset to realise a team’s full potential has been harnessed in the broader tech industry in recent years as ‘Diversity of Thought’.
One of the more unique characteristics of security professionals is the diversity of backgrounds evident in the industry today. Go to any security industry meeting or event and you will find a broad range of experience, from military and policing backgrounds, to those that started out in technical trades, and since the early 2000’s an increasing number those with tertiary security qualifications.
The unique insight these diverse backgrounds bring to the table presents a challenge or an opportunity, depending on the perspective from which they’re received. If an organisation aims to corral their security team into a single means of approaching a problem, then the challenge will always be forcing team members to conform to this narrow focus. Alternatively, if the decision is made the embrace the broad experiences of team members, this can be developed into powerful tool for both shaping innovative solutions, and reassessing existing methodologies.
We’re often told to 'question our assumptions' or of the value of a 'fresh pair of eyes' considering a problem, and the above is an example of developing the tools to achieve this not just as a single instance, but as an ongoing drive for improvement within an organisation. Having the capability to question and review how a team approaches a task represents a significant asset for any organisation, from a QA perspective, and in developing design excellence.
In reality, we can see examples of this at various levels of scale. When in the early 2000’s, the United States drastically expanded their domestic security apparatus, they looked to the United Kingdom and other nations for examples of surveillance, screening, and security operations and created their Department of Homeland Security based in-part on the UK Home Office. Police and Military units all over the world engage in cross-training with other units and friendly nations to learn from diverse sources and discover new strategies and solutions.
Most security professionals seek out diverse opinions through journal articles, case studies and industry conferences. These are conducted as the norm for professional development activities but it is important to recognise why we undertake these tasks and the value they can ultimately provide for the individual and the organisation.