Security has the reputation of being the “Department of ‘No.’” No, that risk is too great. No, we can’t take the chance. No, the likelihood of failure is too high. Most of us in the profession believe that the role of the security executive is not to say “no,” but to lay out the risks, costs, relevant factors and let the business or asset owner make an informed decision whether to go forward.
On a personal level, however, it’s imperative to sometimes offer a firm “no.” Not on whether to take a risk, but whether to take on a new role or responsibility, volunteer at an association, earn a credential present at a conference, help with a job search, write an article, or take on a mentee.