Not Enough

In his book, Ego is the Enemy, Ryan Holiday observes that "...if a fighter is not capable of learning and practicing everyday, if he is not relentlessly looking for areas of improvement, examining his own shortcomings and finding new techniques to borrow from peers and opponents, he will be broken down and destroyed...". History is littered with countless examples of once great organizations, professionals, regimes and celebrities who fell from grace to grass for failing to continually evaluate and change their way of doing things. Some of these organizations and individuals saw it easy and convenient to burry their heads in the sand on the face of impending change and disruption. Others told themselves that they were the best in their respective fields and therefore impervious to the waves of change and competition. The end result to these entities was stagnation, oblivion and failure.

Innovations and new ways of doing things are a constant denominator in every craft and profession. Within the realms of corporate security risk management, experience has taught us that threat actors keep becoming better at exploiting vulnerabilities in our environments. In some instances, Security Professionals are a step behind attackers. That is why we have to continually update that antimalware software so that it can be able to identify and block the latest malware out there. That is why we have to run a security risk assessment of our operating environments or run a vulnerability scan of our systems every so often.

To remain relevant and effective in the face of constant change in corporate security risk management, a professional ought to embrace lifelong learning. Those extended years of experience, that degree or certification is just part of a bigger scheme of things. Knowledge of any kind has a tendency of growing in size and complexity courtesy of research and real life experiences. What you know now will most likely change in the next few days, weeks or years. This is part of the reason why most professional organization require their members to continually learn. Continuous learning ensures that you remain serviceable, relevant and current in your line of work. Failure to continuously learn will inadvertently make you irrelevant and out of touch with your profession or craft. Alvin Toffler view that the illiterate of the 21st are those that cannot learn, unlearn and relearn should be your constant reminder that we live in a constantly changing environment and the only way out is to avoid being stationery.

Professional Associations are a critical source of cutting edge knowledge in your field. Some of them conduct or sponsor research in various areas that they feel are important to the advancement of the profession and their members. The research outcomes are in most cases shared to members for free. Members in these associations also share valuable experiences that they have encountered in their line of work during meetings, conferences or in publications run by the association.

Being a mentor or a mentee presents immense opportunities from either side. To be effective, a Security Professional needs to have someone better that they can learn from, someone lesser who the can teach and someone equal that they can challenge themselves against. This therefore means that mentoring has a positive boomerang effect on both the mentor and the mentee. Make it a point to look for a mentor and mentee; for constructive growth you ought be giving and receiving professional advise and guidance at the same time.

Professor Feynman demonstrated that if you want to learn anything, teach it. As a Security Professional embrace opportunities to make presentations in conferences, seminars or schools. These experiences provide opportunities to deeply understand complex concepts in your line work. You will also likely be challenged by your audience and peers through questions or feedback. You will then use these questions and feedback to improve your comprehension of what you were teaching.

As I conclude, it is important to emphasize that Security Professionals should avoid the trap of self entitlement. This is because it blurs our vision and self-awareness. You cannot know all that there is to learn and understand in our field. So keep learning, teaching, embracing feedback (whether negative or positive) and reaching out to peers in your field.

Thank you for reading, if you have any feedback please share it in the comment section or by sending me a message. You can also reach me on smnmuriuki@gmail.com.