The best IT security managers admit their mistakes

Ever spend time working on policies, solutions and messages only to be ignored or cast aside? Worse, after spending the time to build a solution, are people simply not responding?

Last month I shared the “pink sticky approach” and why it often backfires and complicates the situation. There is more to the story. I learned about the “pink sticky approach” after keynoting a conference. During an open panel, a woman stood up to ask for help improving compliance with the privacy policy. She described how she used the pink stickies and was confused why it led to less compliance instead of more.

Related stories

Remote workers ignore employer’s Internet policies

Top 10 skills you need to succeed as a project manager

But when we delved a bit deeper, we uncovered that she perfectly adhered to the privacy policy. In fairness, she felt that if she was responsible for the policy, she had an obligation to follow it to the letter. So to those she was judging with the pink stickies, she was “perfect.”

After listening, I asked a simple question, “Did you always follow the policy?” Her answer was expected: No, she didn’t. So I asked her if she had an “aha” moment where it came clear and she changed her ways. She did. Then I asked if she had shared that moment with others. She had not.

That was her opportunity missed.

If she had shared her own experience as an example, she would likely have connected with those she served. This connection makes her human in their eyes and allows them to draw on her experiences to shape their actions. After all, no one is perfect, and we tend to respond differently to each other on human levels.

Here is why hiding mistakes and “aha moments” backfires: The perception people form of the perfection of those designing the solution works against intention. Simply stated, if we appear to have no flaws when presenting the message, we sacrifice authenticity and the ability to connect.

We are approaching a time where people want to take back responsibility, but they may not know how. If we show them the way at work, we win. It’s not about inflicting pain. It’s about moving people closer to the consequences of their actions and then being there to engage them in conversation. In the process we learn, they learn and we figure out how to grow.

The mistake is to think we’re smarter or know more. We don’t. We have a different experience. So we have to engage.Three things we can do:

1. Admit our mistakes and share our experiences, including our “aha moments.” This allows people to understand how we learned and possibly influence their learning.

2. Create a safe environment for people to share their experiences. Change is scary; we need to make it safe for people not only to try something new or different, but also to share those experiences. The benefit of this approach serves the individual, as well as others they interact with.

3. Share with authenticity: It’s not about being perfect, but being human and finding ways to learn, work and advance together.

Michael Santarcangelo is the author of Into the Breach and creator of Awareness that Works. Learn more at www.securitycatalyst.com or engage with him on twitter.com/catalyst.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs