Who is Your Mechanic: InfoSec Level Equivalents

October 7, 2016 | Views: 1974

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Question: Who is the most important person in an organization? Is it the CEO? Is it the Finance director? Is it Bob in Sales? Is it you? We are all cogs in the machine, but sometimes there are some key components a company can not do without.

A few years ago I read a quote  from the book Solider by Richard Holmes, an excellent military historian. The quote was from a Colour Sergeant Major (CSM), who said to the other Sergeants;

“The Officers drive the car, but it’s the Sergeants that run the engine”.

In essence, the Officers like to think they drive the car – they give orders, but without a solid team of sergeants, everything falls apart.

Think about that for a minute. Modern armies have a hierarchy of CO (commissioned officers), NCO’s (non-commissioned officers) and then the soldiers, troops, squaddies or grunts.

Not too different for a company:

•    the CO is your C-level management

•    the NCOs are middle management†

•    the business users are troops

Translate that to an InfoSec/IT environment

•    the CO is your CISO/IT Director

•    the NCO’s are middle management†

•    the techies are the troops

†A CISSP; if working on the ground with the troops;  I would classify as a NCO.

An organisation needs direction, this can come from policies and the top, but you need some strong NCOs keeping everyone in check. The NCOs get the job done.

NCOs don’t have to be middle managers either, they can also be team leaders. The grunts do the legwork, the NCO or “Sarge” has worked through the ranks and has the knowledge to mentor and support the team. The CO gives direction.

But a well-oiled regiment of troops runs nice and smooth because the Sergeants are running the engine to make it so.

Here’s the thing, if you run off and get a certification and think you can jump straight into a NCO role – wrong. That is not how it works in the military unless you are lucky. This does not happen in the real world either. To get into an NCO role you need be to be qualified, but more importantly you need to be time served, you need to be experienced and you need to be trusted.

But this is what should motivate you. InfoSec can be like the military.

The military recognize talent, they encourage development, they will train their people to be the best they can, if someone responds and performs then they will promote those people higher up, in turn they will help others to become the best they can.

The NCO needs to get the best out of the team, and sometimes gets to shout at people for doing ridiculously stupid things (think users opening suspect attachments for example).

However, unlike Gunnery Sergeant Hartman in Full Metal Jacket, don’t shout at people “What is your major malfunction” – that really won’t help, no matter how funny that may seem at the time. 🙂

So what do you want to be? A grunt, or a Sarge? I know what I want to be, do you?

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Great post, and it made me think back on a comment my then-9-year-old daughter asked me on one of the many occasions I took her to work with me.

    It was a smallish company, about 120 people, and I was one of two IT folks who handled virtually all of the multi-platform, multi-tech needs we had internally. After many times at work with me, and seeing me constantly called here and there to deal with this and that, she asked me one of those questions that kids pose so well: “Dad? Why aren’t you the boss of the company? _Everyone_ needs you!” (Kids are so cute.) I explained that I could see how the question might occur to her, but… that there are other things, not so visible, that are involved as well.

    • I’m kind of waiting for a cool job title that is self-explanatory, helps so much when the kids are at school

      “When I grow up I want to be a Fireman, just like my daddy”
      “When I grow up, I want to be a princess” (well there is always one)
      “When I grow up, I want to be a information systems analyst and program like a boss”

      Doesn’t quite have the same ring to it, but a bit out there for most other parents to compute and take in.

      For a while I thought my daughter would veer towards an auditor as she is always checking things, but is risk averse “dangerous”. Maybe a job in insurance, but she is only 6, so still time for her to get into IT.

  2. What about the network architects? That’s a very techy job still a grunt?

    • I kind of thought that someone that was techie would say “hey that’s not fair, why am I not a sarge?”

      It’s not a competition! 🙂

      Seriously though, the article was focussed at people in a tech job, but in the lower ranks. Many a time I have seen contractors come in gushing they have certs – but no experience. They end up working on the helpdesk, frustrated. We all have to start somewhere, but instead of exhibiting angst, knuckling down doing your best and get the experience in, and combined with your cert – you will get there.

      I’m going to be working on another two articles looking at this exact issue, and I hope it is both interesting and enlightening for people.

      If you are a network architect – kudos to you – better than I am currently! 🙂

  3. Great write up, and as a veteran I couldn’t agree more.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?