A Tale of Two Cultures: Cool or Vigilant. Can the Security Industry Have Both?

Posted on June 06, 2014 by Alex Bender

TimetoChange We live in an age when a company’s “cool corporate culture” can actually come to influence them as a brand. Multi-billion dollar company Google offers an open, startup-like culture with an office layout that encourages spontaneous interactions. Earlier this year, the media was abuzz with the news that popular online shoe and clothing shop Zappos would transform itself from a traditional organizational structure to a Holacracy. By the end of 2014, Zappos plans to be a self-governing organization where things like job titles and managers do not exist. Are these cultures just a fad? Are they worth it?

Cartoonist and author Hugh MacLeod would argue that they are. In a recent blog post on Gapingvoid, MacLeod contends that “culture” is not just another business fad, but actually something so important that the changes it will bring to society will be vast.

According to MacLeod, “The nature of work is changing. People’s relationship with work is changing.” Expectations of constant connectivity have changed the game. Whether you agree with MacLeod or not, I think few would deny that our relationship with work – and what our companies and business partners expect our relationship with work to be – has shifted. Perhaps companies like Google and Zappos are attempting to make up for this new expectation of “always-connectedness” by offering cool cultures that alleviate some of that burden – or at least distract from it.

I know what you’re about to ask: “But Alex, what does this shift mean for the security industry?” Well, the nature of how we do business has transformed, forcing us to rethink security as a whole. These “cool” cultures have created the proliferation of applications to the point where security is more important than ever. We talk ad nauseam about terms like mobility, bring-your-own-device (BYOD) and the cloud; all of which are already imbedded as the new norms. But what other trends and technologies will the coming years bring?

Just as companies like Google and Zappos are making us rethink what work and office cultures should be today, security professionals are realizing that the culture surrounding security and IT is transforming, as well. The fact that IT and security are associated with every business process and interaction will make security professionals rethink how they deliver against the goals of the business.

Just take a look at DevOps. The IT and security industry has started to embrace this new way of delivering everything from Software as a Service (SaaS) products to product functionality in order to keep up with the rapidly changing business culture and promote better communication. We are seeing influencers like Gene Kim working to bring together thought leaders in the world of DevOps to help drive this cultural change.

Taking the growing movement around DevOps as an example, I’m excited to see those in the IT and security space focusing on what is not working and finding a way to make it better. I’m energized and hopeful about this new security culture and the fact that those involved are working to be change agents and not just watching things from the sidelines. Who’s with me?

To continue discussions like this follow Alex on Twitter: @alexebender

Contributors

Alex Bender

, RSAC

unmanaged devices mobile security professional development & workforce

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.