SANS Technology Institute: Leadership Laboratory
Welcome to the Leadership Laboratory. I'm Stephen Northcutt and like many of you I am an information security manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security management as well as the people side of the job. The "Leadership Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about management, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512 Security Leadership Essentials For Managers and the GIAC Security Leadership Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu. If you enjoy reading our content, you can get the latest articles by visiting this page or subscribing to our RSS feed:
Click here to subscribe to the Leadership Laboratory Article Feed
Click here to subscribe to the SANS NewsBites Feed
- Leadership Lab: STI Degree Candidates' Leadership Essays >> View This Series Only
SANS Technology Institute's mission is to develop the leaders of the future for the information security industry. One of our admission requirements is that an applicant complete an essay describing leadership qualities they have demonstrated in the past.
SANS Technology Institute's Leadership Essay - June 5th, 2007
By Stephen Northcutt
Stephen Northcutt explores the leadership essay requirement for students applying to The SANS Technology Institute and why STI posts those essays on its Leadership Laboratory.
Leadership Essay SANS Technology Institute - July 24th, 2008
By Mark Baggett
Mark has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes the following: If a leader can inspire individuals to believe in the idea or cause, then individuals will take action even if it is inconvenient.
Leadership Essay SANS Technology Institute - May 13th, 2008
By Tim Proffitt
Tim has been accepted as a candidate for the Master of Science Degree in Information Security Management. His essay describes his experiences in creating the first technology security department for his employer.
Leadership Essay SANS Technology Institute - April 16th, 2008
By Brian Nolan
Brian has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes the leadership qualities he values the most and how he has used them to lead his team in an information security services practice.
Leadership Essay SANS Technology Institute - February 22nd, 2008
By Gregory D. Farnham
Gregory Farnham has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes two leadership components: Vision and "Making your own Luck."
Leadership Essay SANS Technology Institute - February 8th, 2008
By Emilio Valente
Emilio has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes leadership in his family life.
Leadership Essay SANS Technology Institute - December 7th, 2007
By Jim Beechey
Jim Beechey has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes three leadership qualities: focusing on fixing the problem rather than placing blame; developing others without fear; and, collaborative decision making.Leadership Essay SANS Technology Institute - September 14th, 2007
By Robert S. Turner
Robert Turner has been accepted as a candidate for the Master of Science Degree in Information Security Engineering; his essay describes his experiences in leadership.Leading to Patch Management - June 27th, 2007
By Brad Ruppert
Brad has been accepted as a candidate for the Master of Science Degree in Information Security Management; this leadership essay describes his experience in developing a successful patch management strategy.
Leadership in Consulting - June 8th, 2007
By Rob VandenBrink
Rob VandenBrink has been accepted as a candidate for the MSISE degree at STI; his essay describes leadership in consulting.Leading from the Front - May 4th, 2007
By Dwayne Edwards
Dwayne Edwards has been accepted as a candidate for the Master of Science Degree in Information Security Engineering; his leadership essay describes his experience in leading from the front.
Leading Through Mentoring and Coaching - January 10th, 2007
By Kevin Bong
Kevin has been accepted as a candidate for the Master of Science Degree in Information Security Engineering; this leadership essay describes his experiences in leadership through mentoring, coaching and building teams.
SANS Technology Institute Leadership Essay - December 26th, 2006
By John Hally
SANS Technology Institute's mission is to develop the leaders of the future for the information security industry. One of our admission requirements is that an applicant complete an essay describing leadership qualities they have demonstrated in the past. John Hally has been accepted as a candidate for the Master's Degree at STI - he submitted this essay as part of his application.
Applied Intelligence Analysis of Networks - June 16th, 2008
By Richard Porter
Concepts of operation can sometimes be problematic when technologists get caught up in the technology. Richard Porter utilizes an Information Operations concept, OODA, to build an action model for network traffic analysis to provide better Quality of Service to traffic.
- Leadership Lab: Management Competencies >> View This Series Only
Situational Awareness Advice for Security Managers - February 4th, 2008
By Stephen Northcutt
Whether you are a newly appointed leader with security responsibilities or an established leader, today is a great day to assess yourself. Make a new day's resolution to be more effective, to increase your personal alignment with the needs of your business and your group's effectiveness in serving your business. Great leaders are aware of their surroundings, and they ensure that their team and co-workers are also aware.
Tenet Nosce - January 29th, 2008
By Stephen Northcutt
As computer security managers, we need to honestly understand our capacity for effecting change. We need management skills, security skills, and a track record of putting them to use. Our chance of effecting change in ourselves is much higher than with others, so here we explore some meaningful and practical steps to assessing one's self as a manager.
Using Key Competencies to Manage Career Development and Direction - May 30th, 2008
By John Hally
John Hally, MSISE student at SANS Technology Institute, explores the four key competencies he believes are essential to managing and controlling the direction of a person’s professional career path: Visioning, Professionalism and Relationships, Self Direction and Flexibility. John prepared this paper for the MGT 421 Leadership and Management Competencies course.
Motivation Mistakes Inexperienced Leaders Make and How to Avoid Making Them - March 10th, 2008
By Russell Meyer
Russell Meyer, MSISE student at SANS Technology Institute, examines some common motivation mistakes made by inexperienced leaders and discusses how those mistakes could have been avoided. Russell prepared this paper for the MGT 421 Leadership and Management Competencies course.
Improve the performance of a project with a good start - January 11th, 2008
By Stephen Northcutt
Many projects fail due to cost overruns, falling behind schedule, and so forth. We can reduce the risk of project failure by investing some time in up front planning before we start. A key to success in project management is to identify all stakeholders and ensure that they clearly understand and support what the project should achieve.
Project Management for Security Managers: Develop a Plan - January 29th, 2008
By Stephen Northcutt
I like to think of a project plan as something similar to a recipe in a cookbook: it gives me the ingredients I need, and often includes a picture of what the finished product will look like. It gives me the steps in the sequence that I need to follow in order to create the final deliverable. Many times there are intermediate steps along the way, such as creating a sauce to be used later. You can think of these as milestones. As a manager, when someone asks you to review a project plan, it is strongly advised that you give it the cookbook test.
Resolving Performance Issues Caused by Lack of Skill or Ability - December 24th, 2007
By Kevin Bong
Kevin Bong, MSISE student at SANS Technology Institute, discusses what a manager should do when she suspects the employee is unable to perform a task due to lack of skill or knowledge. Kevin prepared this paper for the MGT 421 Leadership and Management Competencies course.
Living Life on Purpose - Personal Branding - Updated September 6th, 2007
By Stephen Northcutt and Ted Demopoulos
Personal branding is what prevents you from being a commodity and receiving commodity pay. It's why people want to hire you, work with you, have lunch with you, and generally associate with you. Your personal brand prevents you from being outsourced, ignored, or easily replaced. It's why you are not just another cog in the machine. Your personal brand is the unique value you bring to the table.
Positional and Personal Authority - Updated September 6th, 2007
By Stephen Northcutt
The effective manager has to be brutally honest with themselves, and understand their mindset and their ability to effect change. As you work through the abundance of budgetary, technical, and management information in your profession, it is important to understand where you are now and where you need to grow. This will help you to periodically develop a "short list" of things you want to ask, change, or implement.
Cross-training: A Case Study - July 27th, 2007
By T. Brian Granier
This article is presented as a case study outlining the reasons for cross-training, methods of implementation and analysis of the results as it applies to his personal experience with an IT services team.
How to "Pushback" - July 17th, 2007
By Stephen Northcutt
This essay looks at a unique mechanism for resolving differences, called "pushback". When you say "I am pushing back," you are reminding the other party that you seek conflict resolution, not an argument. It is also a tool to help the other party remember to listen to your position.
Should I Apply for this Middle Management Position? - Updated June 13th, 2007
By Stephen Northcutt and Kevin Bong
Version 1.1An opening has come up for a middle management position, should I apply? Odds are it means a pay raise at the beginning, but unless you work hard to develop the skills that a middle manager needs to be successful, you may actually be less employable in a few years as you lose your technical edge.
Groups in Conflict: How to Manage their Relationship - June 8th, 2007
By James Voorhees
James Voorhees, MSISE student at SANS Technology Institute, explores ways to manage conflicts between groups. He prepared this paper for the MGT 421 SANS Leadership and Management Competencies course.
Creating the Next Generation of Cyber Security Leaders - May 8th, 2007
By Richard Hammer
Richard Hammer, MSISE, the first graduate of The SANS Technology Institute, discusses how today's top level cyber security directors must have good technical skills; no longer will only being politically savvy qualify someone as a cyber security director. These leaders, to be successful, will need to have both the technical ability and the communication skills to speak with authority on cyber security solutions.
How To Budget Time - February 8th, 2007
By Stephen Northcutt
To be successful as a leader we need to budget our time, our resources, and our finances. Often we do not give sufficient consideration to our time. Take a minute to check your Daytimer; if you do not have regular appointments six months out or more to do the critically important tasks such as planning, personnel management, and systems and budget reviews, it is an indication that you are living day to day. It means every crisis that comes up can derail your program.
The Security Manager and Business Situational Awareness - January 29th, 2007
By Stephen Northcutt
Business unit managers and business operations leaders are always telling information assurance managers that "Security needs to be aligned with business". This is one of the primary goals of both the SANS Technology Institute's Master of Information Security1 programs and also the SANS Security Leadership Essentials2 course, but what are the fundamental things security managers can do to help align security with the needs of the business? We suggest that progress is possible if there is a process in place to develop and maintain business situational awareness.
How to Address Shortcomings in Employee Evaluations - January 1st, 2007
By Stephen Northcutt
It is something every manager is uncomfortable with, you have an employee that is a pretty good worker and on four of their five evaluation objectives they did fine, however how do you talk about number five?
Conducting an Exit Interview - March 22nd, 2007
By Stephen Northcutt
When employees leave your company, for whatever reason, a well planned exit interview can be of great benefit to both management and the departing employee. This essay looks at four major issues to consider when conducting an exit interview.
Measuring Employee Performance - November 14th, 2006
By Stephen Northcutt
Forward looking organizations can use quarterly performance reviews to shape to work place and help them develop the hot skills needed to leverage technology accelerators.
Coaching to Improve Performance - March 12th, 2007
By Stephen Northcutt
A coach is a person who enables clients to master specific skills and knowledge and to develop abilities. Like counselors and mentor, coaches offer prescriptive advice, error analysis, expert opinions and "how to" guidance.1 Coaching is one of the keys to business execution. If an otherwise skilled employee is struggling with a particular skill or ability, coaching can help them get over the hump. There are seven primary benefits a coach passes on to the client:2 Encourage Life Long Learning and that is Healthy!; Promote Self Esteem; Learn Goal Setting; Encourage and Model Teamwork; Develop Time Management Skills; Learn About Dealing with Adversity; and, Have Fun with the Task at Hand.
The case for outsourcing Log Analysis - January 11th, 2008
By Stephen Northcutt
I recently saw a press release indicating that SecureWorks has added a managed log retention service in partnership with an industry-leading log management solution provider LogLogic(R), to provide enterprises with comprehensive log aggregation, retention, searching and reporting. This is interesting: four or five years ago there were only a few log management vendors, LogLogic being one of them, and today there are a dozen, but I had not thought of this as a service.
What are the characteristics of a professional security technical writer? - December 4th, 2007
By Stephen Northcutt
How do you learn to be a technical writer? There are many programs, but
the short answer is that you have to write, a lot, and your work needs to be
reviewed by someone qualified to review technical security material.
Google Power Searching for Security Managers - December 3rd, 2007
By Stephen Northcutt
One of the important Operations Security tasks is to determine your organization's exposure to search engines. In the same way, you want to use search engines like Google to gather information about your competition. The most important thing we need to do in a search is to reduce the number of findings. So many times Google will return with over a million pages and this will only get worse as the Internet continues to grow. This first set of operators helps you narrow your search and then we will show a series of commands to find additional information.
The 12 Laws of IT Power, a Keynote Presentation - Updated November 8th, 2007
By Stephen Northcutt
Slides and notes from Stephen Northcutt's keynote presentation on the "12 Laws of IT Power".
The Role of the Student's Outcome Statement at SANS Technology Institute - November 1st, 2007
By Stephen Northcutt
There are many and varied reasons for a student to apply to graduate school. If you are accepted, you can expect to make a sizable investment in time, energy and money to complete the program. To protect you, and to remain true to our mission statement, the admissions office asks you to complete an Outcome Statement as part of the admissions process.
- Leadership Lab: Entrepreneur Series >> View This Series Only
This series will share discussions with entrepreneurs in the computer, network and information security industry.
Interview with Dr. Robert Arn, CTO of Itiva - November 1st, 2007
By Stephen Northcutt
The Leadership lab came across an interesting company, Itiva. Their CTO, Dr. Robert Arn, was kind enough to share his time and thoughts with our readers, and we certainly thank him for his time.
Assembly Bill (AB) 779 Suffers from Sloppy Draftsmanship - October 12th, 2007
By Benjamin Wright, JD
Confusing language in California's AB779, which has gone to the Governor for signature, forbids merchants from retaining certain payment data. It smacks of a legislature precisely dictating technology. When a legislature dictates technology, it risks misunderstanding. It stifles innovation, and raises problems as technology evolves.
PowerShell for IT Managers - October 10th, 2007
By Jason Fossen
Jason Fossen describes the advantages of PowerShell, a welcome change from Microsoft, making it the future of command line administration and scripting for Windows.
What is Windows PowerShell? - September 27th, 2007
By Jason Fossen
Windows PowerShell is both a command-line shell (powershell.exe) and
the name of a scripting language and is intended for network
administrators, not professional programmers; it will eventually
replace the CMD shell (cmd.exe) and VBScript as the most popular shell
and scripting language for Windows.
- Leadership Lab: Interviews with SANS Technology Institute College Graduates >> View This Series Only
A series of interviews with SANS Technology Institute College graduates
Interview with T. Brian Granier, Second Graduate of SANS Technology - September 19th, 2007
By Stephen Northcutt
T. Brian Granier is the second graduate of the SANS Technology Institute, a post graduate information security college. Stephen Northcutt had an interview with Brian to get more of his story about the experience of earning his degree from STI.
Interview with Richard Hammer, First Graduate of SANS Technology Institute - March 31st, 2007
By Stephen Northcutt
Richard Hammer is the first graduate of the SANS Technology Institute, a post graduate information security college. Stephen Northcutt spoke with Richard to get more of his story about the experience of earning his degree from STI.
Interview with Charles Edge - September 15th, 2007
By Stephen Northcutt
Charles Edge talks with Stephen Northcutt about security issues in the Mac world; even though the core OS is pretty safe, there are vulnerabilities that every Mac user should be aware of.
Qualitative vs. Quantitative Risk Assessment - September 15th, 2007
By Stephen Sims
In this article Stephen Sims expounds on the three levels of qualitative risk assessment and how to determine the cost associated with compromise, the likelihood of discoverability, and the difficulty of execution. He introduces a multi-dimensional approach in areas of assessing vulnerability.- Leadership Lab: Intellectual Property Series >> View This Series Only
This series of essays can help the IT manager learn how to identify and protect intellectual property and intangible assets.
Trademark Infringement - The Likelihood of Confusion - August 27th, 2007
By Eugene R. Quinn, Jr.
When the goods produced or services offered by the alleged infringer compete for sales with those of the trademark owner, infringement usually will be found if the marks are sufficiently similar that confusion can be expected. When the goods are related, but not competitive, several other factors are added to the calculus. If the goods are totally unrelated, there can be no infringement because confusion is unlikely. The goal is to protect the consumer, not to protect trademark.
Valuation of Intellectual Property Case Study - IPWatchdog.com -
By Stephen Northcutt
Since 1999 IPWatchdog.com has provided individuals, small businesses and entrepreneurs with information to help them understand all areas of intellectual property and to become better consumers. In fact, IPWatchdog.com leads the charge to inform individual inventors of invention submission scams. Indeed, if you type "invention submission" into Google, Yahoo or MSN, IPWatchdog.com's "The Truth About Invention Submission," a detailed expose and warning, is the first page that appears in the free rankings.
What is Intellectual Property - March 14th, 2007
By Stephen Northcutt
Intellectual property is a tangible expression of a human idea that shares many of the characteristics associated with real and personal property. Intellectual property is an asset, and as such it can be bought, sold, licensed, exchanged, or gratuitously given away like any other form of property.
Creative Commons and Intellectual Property - May 1st, 2007
By Stephen Northcutt
The well known book, The Long Tail, by Chris Anderson, points out how two major perspectives on authorship change the way creators of content feel about copyright.
What Is a Patent? - April 7th, 2007
By Stephen Northcutt
Patents are tools that grant legal intellectual property protection to inventions, an object, process, or technique that is novel.
Copyright - April 7th, 2007
By Stephen Northcutt
Copyrights, like patents and trademarks, are a public claim of ownership and offer limited monopoly power over intellectual property.
Digital Rights Management - April 7th, 2007
By Stephen Northcutt
Digital Rights Management is a broad term encompassing a variety of methods to protect digital media from piracy. Its history and current status exist with some interesting facts and legal controversy.
Trademark and Brand - April 7th, 2007
By Stephen Northcutt
Trademark and brand are two key identifying elements to your organization. They are important enough to carefully develop and protect.
Trade Secrets - April 7th, 2007
By Stephen Northcutt
Copyrights, patents and marks are all examples of intellectual property that can be registered with governments or the World Intellectual Property Organization. A trade secret such as know-how and other similar intangible intellectual property is something you do not register, instead, you protect it.
The Value of IP - April 7th, 2007
By Stephen Northcutt
The value of your IP directly affects the value of your organization and the amount spent to protect the information. Therefore, knowing how to calculate and determine the IP value is crucial.
Licensing and Franchising - April 3rd, 2007
By Stephen Northcutt
Licensing and franchising are two ways for an organization to protect valuable Intellectual Property.
10 Steps to Protect IP - March 13th, 2007
By Stephen Northcutt
The last entry in the SANS intellectual property protection series, the ten steps to protect IP.
Eight Critical Success Actions for Information Security - July 11th, 2007
By Alberto Partida
How can information security be a business enabler? Currently the
interaction of the business with information security can be a painful
and expensive process. This creates frustration, both for the business
and also for the information security professionals. If we aim for a
different result, then we have to act differently. This article
suggests eight actions for information security leaders to implement in
order to improve both this situation and their daily working
experience.
- Leadership Lab: Information Technology and the Law >> View This Series Only
This series of essays explores the many aspects of technology law relating to computer and information security.
Let Credit Card Industry Allocate Data Security Risks by Negotiation - March 12th, 2007
By Benjamin Wright, JD
Retailer TJX suffered a highly publicized breach of security in which some credit card data was compromised. On the heels of this story, Massachusetts legislators are considering a bill to require retailers to assume greater liability for losses suffered. Ben Wright comments on why this will not work well and suggests the financial institutions can use their existing forums to negotiate a solution.
Data Thefts - Give the Public the Disclosure It Seeks - March 22nd, 2007
By Benjamin Wright, JD
Lawyers advising an enterprise suffering a data security breach tend to have a circle-the-wagons mentality. They go on the defensive. They fear that lawsuits and government investigations will force their client to pay damages and fines. So they advise the client to clam-up and say the least possible about the incident. But this defensiveness can make matters worse.
Network Neutrality - Updated July 3rd, 2007
By Stephen Northcutt
Version 1.2What is the role of the information security leader with respect to Network Neutrality? There is big money riding on this that could affect the operational cost of network access for your organization or company.
Can Cyber Criminals Consent to Being Watched and Foiled? - May 14th, 2007
By Benjamin Wright, J.D.
Computer crime laws protect our use of the Internet, but they also raise issues for security professionals trying to thwart cyber criminals. Benjamin Wright, J.D., examines how decisions regarding consent and criminal law can be applied to efforts to stop botnets and phishers.
The Dangers of Too Much Data Privacy - May 28th, 2007
By Philip Alexander
Data privacy is a real hot topic nowadays. Thirty six states plus
New Merchant Liability for Losing Credit Card Data - June 14th, 2007
By Benjamin Wright, JD
The Minnesota Legislature has shaken up the ecosystem in the credit card industry. It has enacted legislation that shifts the rules and risks associated with the protection of credit card data. Benjamin Wright, JD examines why the new law gives Minnesota merchants a bit less incentive to accept credit cards as payment.
ChoicePoint Marked New Era in Data Security Law - May 31st, 2007
By Benjamin Wright, J.D.
Remember how ChoicePoint suffered dearly for its 2005 security break-in? Benjamin Wright, J.D. examines their experience, the varied legal responses from California and many other states, and what enterprises should be doing to better protect private data.
The Auditor and the PMBOK: Re-examining the Audit Process - February 28th, 2007
By James Tarala
In most studies that one would read espousing one particular view of the audit process or another, there are varying degrees of similarity between the processes. Many organizations and writers have developed processes that they believe information assurance auditors should follow when performing a formal audit of an organization's information assets. Whether it is the process defined by industry groups or varying universities publishing their standards there are certain similarities that one will find.
IT Security Industry Changes - February 27th, 2007
By Stephen Northcutt
Over the past six years, SANS Technology Institute's Stephen Northcutt has been gathering data and stories from security managers in more than 100 US organizations searching for patterns in job changes of security managers and the consultants who support them. The research was triggered by multiple emails from security managers who were facing reorganizations. His conclusions, albeit preliminary, paint a worrisome picture of job prospects for ill-equipped security managers, but also offer promise of some opportunities for success and advancement.
The Hard Realities of IT Outsourcing - February 27th, 2007
By Stephen Northcutt
Version 1.1
Outsourcing is driven by five principal concerns: to lower cost, increase speed of growth, focus on core competency, stay compliant with government regulations, and compensate for the difficulty of recruiting and maintaining specialized hot skills talent in a world of increasing IT compensation.
Leadership and Evacuation - February 20th, 2007
By Stephen Northcutt
Evacuations have saved thousands of lives in incidents ranging from small building fires to massive regional disasters. For many personnel security threats, facility evacuation is effective. In addition, for regional disasters, personnel evacuation is the important first step for families to reconvene and evacuate to another region. Leaders are responsible for ensuring that procedures for evacuation are prepared and practiced;and coordination with Human Resources, Business Continuity and Disaster Recovery Planning, and Executive management should be tested and refined.
An Interview with Dr. Eric Cole - February 8th, 2007
By Stephen Northcutt
Most study disciplines define a Common Body of Knowledge (CBOK). In Information Security the ISC2 was the first group to do so and their definition is widely held in information security. GIAC has funded a research project with Dr. Eric Cole as a principal investigator to conduct research into the CBOK and make the results freely available to the community.
Remain as Independent Contractor or Return to Employment Status - January 17th, 2007
By Michael Solomon
Every year I re-evaluate my employment status in an effort to validate my decision to go independent as an IT security consultant. The idea is to recognize any changes in my environment that would indicate that I am no longer on the "right" side of the fence. I know "the grass is always greener on the other side", so I will try to be objective.
CERT is Doing Podcasts? - January 12th, 2007
By Stephen Northcutt
In the interest of full disclosure, I am over 50 years of age, I don't own an iPod and don't quite get the whole podcast movement, but I applaud any technology that can be used to educate. So, when I heard from Julia Allen1 from CERT2 that they had completed a security series3 of web casts I felt compelled to investigate.
How to Choose the Right Master of Science in Information Security College Program - December 28th, 2006
By Stephen Northcutt
An advanced degree can propel your information security career forward by increasing your respect and equipping you with the knowledge to be a leader in your field. However, many of the programs offered lack the basic foundation and reputation to help with either. A number of these programs have come to my attention because they are teaching pirated materials from SANS courses, especially Incident Handling and Hacker Techniques, Security 5041 and we find them when they post SANS copyrighted study materials on the web. If a professor lacks the skill to develop their own course material they probably lack the skill to really prepare students to be leaders in the field of information security. Yet hundreds of students sign up for substandard education every year. This article offers simple tips to help choose the right program for you.
Case Study: The Role of IT in Operational Risk - December 15th, 2006
By Stephen Northcutt
CEO Bill Jones was tired; two days and long nights of damage control were taking their toll.
