Infosec and the Death of the Rabbi

Thursday, May 17, 2012

Carter Schoenberg


We have all heard the common words from our elders that time goes by quicker as you get older.

Some have speculated the reason for this is simply because the inherent need to learn new things becomes diminished and our brains have adapted to our environments so older individuals feel like they are scrambling to keep the day going.

Younger people, especially children, feel the days take forever because they are being forced to learn rather than actually “live”.

Regardless of how we examine or interpret the results, there is no denying that individuals with many years of life’s experiences have a lot to offer young adults on matters of professional, academic and life lessons in general.

For those not familiar with the term Rabbi, it is an individual in a position of power and authority that has taken on the role of a mentor but additionally, is taking a vested effort to help groom and socialize the protégé as a future leader.

Currently, some have replaced the word Rabbi with “Champion” but the intent remains the same. With many large corporations having mentoring programs, why do we need a Rabbi? Quite simply, mentoring programs are generally built around a specific professional track and is generally bias to the organization’s expectations and culture.

This model would be fine if occupational tracks were not so transient but the days of putting in 20 years and getting a gold watch is all but gone. These programs are designed with a specific intent but where a Rabbi becomes more effective is where actual experiences illustrate value.

Since this article was designed for Infosec Island, let’s put this in terms relative to our occupational relevance. First off, how many Infosec mentoring programs are there? I personally am not familiar with a single one.

Because our industry changes so fast due to technology advancements and how these advancements can be maliciously exploited, perhaps there is something to be said about not investing in a mentoring program.

After all, isn’t a general awareness and knowledge what we expect and demand from our recent college graduates? How many professionals with more than five years of experience in a dedicated field of security can honestly say they met a recent graduate that needed absolutely no supervision or guidance?

Security professionals have one characteristic that is similar to IT Administrators; we like to keep our knowledge very close to the vest and rarely open up to others outside of a security conference or professional publication. It is not relevant that we do this out of ego or perceived self-preservation.

The end result is a culture that is heading on a path where gaps in knowledge and expertise are and will continue to increasing in size and scope. I think it would be an interesting point to see if well-established individuals in the field of security whom so many have put stock into like Marcus Ranum, Bruce Schneier, or whomever actually have a protégé they are actively putting on a path to successfully meet the challenges of the future.

(Please note that Marcus and Bruce have exceptional knowledge and selecting these two are based on name and brand recognition only. If either read this, I would be very interested what their responses are.)

While the economic crisis of 2008 has delayed a large percentage of Americans from retiring from key positions, including technology and security, it is only a delay. At some point in the very near future, a very large percentage of the security and technology decision makers will head off to greener pastures.

In less than 20 years, Generation X-ers will be heading that way as well. I do believe that there are many experienced professionals that will still seek out individuals where they see or have a gut feeling that a person will be able to emulate their core values and incorporate this characteristic with the knowledge of today’s technology and today’s security challenges. But outside of identifying the candidate, what additional actions are they implementing?

Recently approached by a senior staffer in the US Government, I was very flattered that I was solicited to be considered for a deputy role to be groomed for this person’s replacement upon retirement in the next few years. Granted I have known this person for several years but I would be remiss if I didn’t acknowledge that whatever knowledge and experience I possess, it would be enhanced exponentially by having him as my Rabbi.

Have you ever been at a meeting where you wished your boss didn’t just let you walk into a bear trap? Or if you only had the experience to deal with an internal/political challenge more effectively that has now potentially hampered your prospect of advancement?

These are the types of scenarios where the value of a Rabbi would be recognized as they make a vested effort to not only be your boss but also be your guardian angel, for lack of a better illustration.

This is not to say you rely on them to the extent they do your work for you, far from it. The goal should be to promote your independence and leadership through their capabilities as you grow to their level in the process. Think of how this would be applicable for say SCADA systems or any infrastructure where the sheer size of it makes it cost prohibitive to have new operating systems every three years.

Rabbis are not limited to just the C-Class, there is something to be said about security practitioners that have deep dive knowledge on very specific technologies and are at the director level or lower. The academic knowledge of any one system can be transferred with relative success.

However, what is more valuable, a SCADA security professional that understands the chemical plant he is working at with such detail and definition that his knowledge may never be rivaled or the same person who can also understand the organizations mission need and business drivers and can translate security into quantified risk measurements that make sense to a CISO, CIO or CEO?

The first person makes a great mentor; the second person makes a great Rabbi.

So now that we have touched upon the age classes of 40 and older, this leaves us with Generation Y and Millennial. Both of which have been affectionately branded the “Me” generations. When taking this cultural perspective into consideration, can these individuals understand the value of a Rabbi and more importantly, are they even inclined to maintain such a professional tradition?

It’s a good question that can only be answered down the road. In an ever increasing environment of social media domination and its impact on the human brain, we are consciously choosing to communicate and be social without being “personal”. I might be wrong but I would find it interesting to conduct an experiment on two Rabbi’s with their perspective protégés.

One is done the traditional way whereas the other is done through Facebook, texting or instant messaging. You can’t teach certain “soft skills” as previously depicted two paragraphs above through social media.

As a manager of 10 people who vary in age from early twenties to early sixties, it is a challenge to modify my communication style to effectively work with all of my team (Millennial through Baby-Boomer) but make no mistake the need exists.

The flip side of a Rabbi is the protégé must want one to begin with. I have a member on my team who has tremendous potential to really be great and add value as a leader in this field as he grows older and has more experience. While he has asked for guidance and advice, if he doesn’t follow it, what good is it?

One of my fondest memories with this person is seeing the level of frustration in his eyes after he didn’t listen to my advice and he then paid the price through a hard lesson learned. He acknowledged his flawed approach and I simply looked at him and said, “You do know that before you took this job I met you?” He looked at me confused trying to think how we could have met.

I followed with, “I met you about 20 years ago.” He then realized what I meant was I see him and I see myself a long time ago and the question remains will he learn from my mistakes or will he simply replicate them as he gets older.

A Rabbi can take you to the power lunch or corporate dinner; he/she simply can’t force you to eat.

Possibly Related Articles:
Security Training
Information Security
Training Expert Information Security Infosec Education Professional Skill Set Mentorship Program Experience
Post Rating I Like this!
Carter Schoenberg In the May/June issue of Public CIO, this topic will actually be addressed so please check out the article with Dan Lohrmann (State of MI CISO)
Dan Lohrmann Carter, the article you mentioned on our MS-ISAC mentoring program is at:
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.