An essential infosec skill: Humility

What does a CISO need to ensure the organization is secure? Money? Skilled staff?  Leading edge technology? Knowledgeable employees who don’t click on every link they see in messages? All that, to be sure.

There are also some personal skills, including cunning, discipline and patience,

But Ken Westin, a senior security analyst at Tripwire Inc. suggests another quality: Humility. In a blog he suggests that is one of the essential traits an infosec leader needs these days. Why? Because you won’t learn otherwise.

“Some of the most successful people I know in technology and security view “I don’t know” not as an admittance of failure, or giving up, or to get defensive,” he writes, “but as a challenge to learn and collaborate.”

The more one learns about IT security, he believes, the more one realizes knowing everything is impossible — and therefore the more one respect people willing to share their expertise.

It’s an interesting observation, and one that is important in an era when well-funded criminal organizations as well as nation-states are seemingly attacking and penetrating organizations at will. Collaboration is a tremendous defensive weapon that hasn’t been leveraged to the fullest yet.

Some Canadian industries, such as the financial sector, have extensive co-operative infosec mechanisms between normally competitive institutions that should be copied. Does the industry your organization is in encourage IT security pros to collaborate? Does your CEO encourage it? At the very least does the industry have a trade association that acts as a clearing house for security alerts? These are the ways you and your colleagues will learn from each other.

One thing’s certain: If infosec pros don’t share what they know, attackers have a tremendous advantage.

Let us know in the comments section below if you think there’s enough infosec sharing in your sector — and if not, what should be done about it.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web