March 2009 - Issue 7


A CISO's Guide to Application Security

Learn why application security is more critical than ever to your business, and the six steps to secure applications.

Fortify Software Lands in Leaders Quadrant of Magic Quadrant

New Data on Leading Software Security Initiatives

Reader Survey

Complete our one-minute reader survey, and you could win the book Secure Programming with Static Analysis.


RSA ConferenceUSA 2009
April 20-24, 2009
Infosecurity Europe
April 28-30, 2009


Off by On: The latest on Software Security Assurance

Software Security

Security & Privacy



What's Your Best Advice?


Previous Issue's Dilemma:

How to handle a sneaky boss?

Most of us probably deal with at least one person who doesn't like us and makes us miserable at work. While we could try changing jobs, it won't always help. Chances are we'll meet someone else who takes the previous person's place in making work less enjoyable.

While I like my job, my problem is not a co-worker; it's my boss. She is cheerful and chummy, but when something falls, she blames someone on our development team. I'm usually the person she blames. She assigns me projects without the guidance or resources to be successful. When the security falls, it becomes "my fault."

How do I deal with her? Should I talk to her or go to HR?

-- Fred, Software Engineer

Replace the blame with proof

Fred, you must have touched a chord with people, because we've received very detailed, helpful answers to a thorny question and touchy situation. Many readers think you need to back your efforts up with proof, so whether or not you learn to work better with your boss, you protect your position through documentation.

Readers' answers fall into four actions you can take:

  1. Prepare yourself with essential reading.

  2. Document everything.

  3. Focus on yourself and provide the facts.

  4. Update your resume.

Prepare yourself with essential reading

Complimentary White Paper

A CISO’s Guide To: Web 2.0 Security

Web 2.0 has made the Web a livelier and friendlier place, with social Web sites, wikis, blogs, mashups and interactive services that are fun as well as useful. Two Web 2.0 concepts change the game for CISOs, and they need to understand both. The first is the introduction of rich client interfaces (AJAX, Adobe/Flex); the other is a shift to community-controlled content as opposed to the publisher-consumer model. Both have serious security implications.

Download your complimentary white paper.

Debbie Christofferson, information security manager at the Apollo Group, suggests you buy either Dealing with People You Can't Stand: How to Bring Out the Best in People at Their Worst or Dealing with Difficult People: 24 Lessons for Bringing Out the Best in Everyone by Drs. Rick Brinkman and Rick Kirschner. She notes, "The books give personality profiles and offer concrete feedback on how to deal with them. Your boss isn't going to change -- you are in charge of yourself, and that's the only person you can change."

Document everything

Several readers make suggestions as to how you should document this kind of situation. Virginia Benedict writes that your boss could be blaming you because she has high expectations of you. Benedict includes a list of steps you should take to document the process:

  1. "Create a summary of what you understand you must accomplish.

  2. Include a list of questions about the project and her expectations.

  3. Include a requisition of the necessary tools and guidance you need to make the project successful.

  4. Make your list precise, simple and credible.

  5. Create a three-dimensional "what if" matrix in Excel to visually show what happens when a given essential vector isn't present.

  6. Bullet-point your items and don't be verbose.

  7. Use newspaper-column formatting for ease of reading."

Another reader believes that it's best to forgive and forget past transgressions. He says, "The bottom line for me is that a knock-down, drag-out fight with your boss seldom leads to anything good in the long run, so if you can, find a way to work with her."

He suggests meticulously documenting the next project, to protect yourself.

  • "You need to DOCUMENT in writing the fact that you didn't get the guidance or resources necessary. Let her know WHAT guidance or resources you need and why, so that you have something to go back to.

  • If she still throws you under the bus, you might have a bigger problem. If you plan to go to HR, document everything, including when you got the project, why it wasn't resourced properly, how you notified her and especially, how you tried already to resolve it with her in person. So if you plan to call her out, you better have good documentation."

Provide the facts and focus on yourself

Ed Lucero, quality manager, says, "My work behavior is typically the same regardless of whether or not I have a true leader for my supervisor. Focus on what you can do first, as opposed to focusing on the manager. We succeed and fail together in a project. Do not grin and bear it and attempt to complete the project. The correct thing to do is to use an existing process that will explain why this project will probably fail or succeed. It's important to do this for this particular project and to set a precedent for future projects."

He continues, "I once had a manager who tried to force a risky project on me with inadequate time to complete the project. I rarely say no to work, but simply provide the facts. After reviewing all inputs (requirements, use cases, what success 'should' look like), I told the manager that we could accomplish the project with 70 percent quality. I had zero stress because I knew that this was the best that I could do, given the circumstances. This effectively shifted all the stress and the business decision to the place where it belonged: the business. If the business collectively agrees to the 70 percent quality, then if the quality of the complete project is 70 percent, I will have succeeded. All things are possible with time, money and resources. If they are inadequate, the results will also be inadequate."

Update your resume

Two of our readers think you might consider moving on. The first says, "They say the best time to look for a job is when you already have one. If the stress level is too high for you, you may want to consider doing that."

And, on a final note, another reader suggests that situations like this can actually get better, "But it's never a bad idea to keep your resume updated, in case you just can't take it anymore."


Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2009, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
