My book “Social Skills For Information Security Professionals: A Handbook For Those Who Strive To Lead And Manage Effectively” is live

Here it comes!

11 years of learning, 2 years of writing, 84 pages for you to read. 🙂

You can download a PDF here: Social Skills For Information Security Professionals: A Handbook For Those Who Strive To Lead And Manage Effectively by Dawid Bałut

And a few words on how it all came to be that Peerlyst is a publisher and a patron for my book…

I must admit that this book most likely wouldn’t have happened if it wasn’t for a great infosec community I found in 2016. Over 2 years ago I found a website called Peerlyst, which turned out to be a startup with a mission to create the best collaboration and knowledge transfer platform for security professionals.

I found it because one of the users (imad bsd) posted a link there to an article on my blog, and I noticed many visits from one source. Curious to see what it was all about, I visited peerlyst.com and found overwhelmingly positive feedback about my content. Finally, I had found a place that felt like the sort of home I never really had. A place where even if people don’t agree with you, they don’t make you feel like a piece of crap but provide you with friendly insights which you can then use to learn and grow.

Fast forward a couple of months, and Peerlyst created an initiative to write a crowdsourced book, “Essentials of Cybersecurity: How to get the basics right”, for which I volunteered to write a chapter about something I’m deeply passionate about, as it connects a few deep interests of mine, i.e. business, infosec, psychology, and sociology. My chapter, called “Building a corporate security culture”, was such an exciting subject to me that I wrote over 10 pages despite being asked to provide only 2-3 pages. I wasn’t really surprised when I heard that most of my content didn’t fit in, because there had to be room for the chapters of other great individuals. As I couldn’t let something I strongly believed in go to waste, I decided to publish on Peerlyst the subchapters that didn’t make it into the ebook. It turned out once again that the community appreciated my contribution; my posts sparked a huge discussion on the soft side of our jobs and allowed me to learn a ton from the experience of other professionals coming from very diverse backgrounds.

After so many great discussions, after seeing people opening up about their personal lives, about the relationship issues they’re facing because of the stress at work, about the health issues generated by their anxiety, I felt obliged to create a resource which could help others at least a little bit. I know how it feels when life just ain’t right and you start to lose hope. I got to know people who were in the same spot as me, and it would be cruel of me not to share the tips that have helped me regain my sanity and achieve some level of professional and personal success, i.e. happiness.

Happiness is a never-ending chase, but it’s still something if you at least hate your life a little less.

That’s the reason why I spent the next 2 years writing this piece of art and assembling only the advice I truly believe to be universal, practical and helpful for the community.

Deep inside I believe that running into Peerlyst was one of the best things that happened to me. I haven’t made any money out of it, I haven’t sold anyone anything, and I never intend to monetize on them, because I appreciate way too much what they have already given me in return. I earnt an unbelievable feeling of connection with the community of people I’ve been searching for my entire life.

Being a part of something bigger, learning from the greatest and having an opportunity to exchange feedback is something that can’t be compensated with any money.

I’m simply grateful because the mission to help others live better lives is something extraordinary that Peerlyst is allowing me to do.

Table of contents:

  1. On my motives for this book 4
    1. How and why – I believe – can my story make your life easier 4
    2. How and why – I believe – my story can make you avoid personal and professional suffering 6
    3. How to squeeze maximum value out of invested time in reading this book 8
  2. Align strategy with business stakeholders first 10
    1. Who’s actually responsible for investments in security? 10
    2. It all goes top to bottom, the culture and tone set by execs is a real thing 11
    3. Set common goals with management and executives 12
    4. Settle down on authority at the earliest 13
  3. Build credibility and learn the language of business 14
    1. Stay away from spreading confusion and FUD 14
    2. “Make it till you make it” is a much better strategy than “Fake it till you make it” 16
  4. Everyone is a target these days, but are they truly aware of it? 17
  5. Agile implementation of security into a corporate culture 18
    1. Start small 18
    2. Start early 20
  6. Outline SDLC/NDLC improvements 21
    1. Security should be perceived as any other cost of running a business 21
    2. Hold them accountable to high standards, but keep your expectations low 22
    3. Build a Secure SDLC 23
  7. Show up, adapt and deliver results 25
  8. Make security simple 26
    1. Simplify it for them 26
    2. Everything is just a tool and the mission is the only thing that matters on the macro level 27
    3. Encourage and teach instead of demanding and judging 27
    4. Extensively explain security requirements and identified issues 28
    5. No matter what your specialization is, we all share the same goal – improving the defense 29
  9. Do the work behind the scenes and don’t be a workflow bottleneck 30
    1. InfoSec as an enabler 30
    2. Listen and execute behind the scenes 31
  10. Embrace DevSecOps 32
    1. Become a member of each department 33
    2. Delegate instead of trying to fix everything yourself 34
  11. Internal security training and awareness awards 35
    1. Conduct recurring security training 35
    2. Popularize internal Bug Bounties and awareness recognitions 36
  12. Security Is An Art Of Tradeoffs So Learn How To Manage The Risks 37
    1. Be practical 37
    2. Allow cutting corners when necessary 38
  13. Learn how to run productive security meetings 39
    1. Create a friendly atmosphere during your meetings and spend most time listening 39
  14. Leave Your Ego At The Door And Study Empathetic Leadership 41
    1. Make it all about them by making it personal 41
    2. Never play the shame or blame game 42
    3. Don’t forget about non-techies 43
  15. Leadership values and Emotional Intelligence 44
    1. Be a leader you wished you had and remember that we’re all just humans. 47
    2. The long-term efficiency requires you to do things the right way 47
    3. It’s easy to destroy relationships and hard to rebuild them 48
    4. No place for ego in the effective management and when less is more 50
    5. Listening is a skill which requires constant training 53
    6. Memory exists so we don’t repeat the same mistakes again, not so we romanticize the painful experiences and live in the past 55
    7. Appreciate feedback every single time you get some 56
    8. Make them safe and make them feel the comfort of that safety 57
    9. On toxic and productive criticism 58
    10. Watch your language and respect your peers 59
    11. Blaming, shaming, pointing fingers doesn’t help anybody. Never, nowhere. 61
  16. Growing thick skin in InfoSec 62
    1. Dealing with negativity and destruction is a part of nature 62
    2. On the truly negative 63
    3. Sometimes the best way to win is to quit 65
    4. Don’t shy away from showing off your success 66
  17. After all, it’s all about protecting the money-making machine 68
    1. Make each action purposeful and data-driven 68
    2. Adapt, adjust and execute 69
    3. Securing the money-making machine is the prime objective 70
    4. Business context matters. A lot. 72
  18. Effectiveness, High Productivity and Fulfillment in the InfoSec — The Game That Never Ends 75
    1. Don’t make it hard for people to get involved 75
    2. Stay humble, no matter what 75
    3. Value their time over yours 76
    4. Create a culture of appreciation 76
    5. Don’t take good results for granted 77
    6. Avoid myopic decisions to save your reputation 78
    7. Don’t let the stress and short-sightedness slow your company down 79
    8. Become a lifelong learner 80
    9. Go the extra mile 81
    10. The game that never ends 81
    11. Be selfish 82
    12. Now it’s all up to you… 82
  19. Dawid Bałut bio
