SANS Technology Institute - Leadership Laboratory

Qualitative vs. Quantitative Risk Assessment

In this article Stephen Sims expounds on the three levels of qualitative risk assessment and how to determine the cost associated with compromise, the likelihood of discoverability, and the difficulty of execution. He introduces a multi-dimensional approach in areas of assessing vulnerability.

Manage the Message - How to communicate appropriately during the phases of a crisis

At SANS.edu we teach the following six step process for computer security incident response and this can also be applied when responding to public disruptive events: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

SANS Technology Institute - Risk Appetite Statement

The SANSTechnology Institute accepts anelement of risk in almost every activity it undertakes and risk appetite can be determined by answering the question: “How willing is STI toaccept risk related to key initiatives, business and educational drivers?” This essay uses a five point scale to rank risk appetite.

SANS SMART Action Item Assignment

We have put together a form to assess action items based on the SMART concept, a vital management strategy we teach in SANS Mgt512: Security Leadership Essentials for Managers: "SMART" is how you should work. That is, you need to know that the action items you assign are specific, they can be measured for completeness and quality, and they are achievable, realistic, and time-based. Following are the questions you need to ask in order to know if your action items are "SMART":

Is the action item sufficiently specific that a person knowledgeable about the task could describe it to someone else?
Can the task output be measured?
Can the task be done? This question sounds too obvious, but remember that no job is impossible for the person who doesn't have to do it. Make sure you don't fall into that trap.
Is the goal realistic? Again, will it withstand scrutiny by a knowledgeable third party? If not, perhaps the objective needs rework. Is the objective stated in such a way that the person responsible can be expected to know when it is due?

Varied Paths Taken to Information Security Competency

This is a snapshot of the responses I received from about 50 members of the GIAC Advisory Board when I asked them: If you would be willing, I would appreciate a one paragraph explanation of how you first started working in security and how you became fully competent.

Leadership Essay

This essay defines the management and leadership competencies taught at the SANS Technology Institute. Most of them are covered in MGT421 Leadership and Management Competencies; MGT512 Security Leadership Essentials; and, MGT525 Project Management and Effective Communications.

Excerpts from STI Student Work Study Leadership Essay

The Community Program Requirement for the SANS Technology Institute (STI) Masters Program serves as an orientation for the students and ideally happens early in their time with the school. We ask them to write an essay about their experience directly relating it to leadership competencies.

How to Pass the GSLC Exam

If you will invest some time to prepare before starting your MGT512 class you will be able to follow the material discussed in class better. Additionally, the more you prepare for the GSLC exam the better you will do on your exam. Here are a few tips that will help you get the most out of your class and exam.

Leadership and Mentoring of Young Employees

Jim Horwath, MSISE student at SANS Technology Institute (STI) examines the importance of mentoring young employees in order to build future leaders.

Research Question - What is an A3

The Planning and Governance Self-Study working group has a set of research questions that guide its actions. Here, we look at a primary element of governance, the A3.

One-On-One Meetings

Richard Wanner, MSISE student at SANS Technology Institute, examines the importance of one-on-one meetings in the workplace and provides a framework for implementing successful one-on-one meetings with employees.

Pandemic Watch 2010

H1N1 Pandemic is no longer a world wide threat. We are watching the "Superbug" and H1n5, but they are not very contagious. The content is tailored to infosec and disaster recovery professionals who may need to brief senior management. In the Northern hemisphere the primary focus should be preparing work from home capability for the 2010/2011 and standard winter flu.

Application: SANS Workplace Revitalization Scholarship Program

The SANS Workplace Revitalization Scholarship Program is designed to help employed workers who were formerly technical but have moved into middle management positions and now want to regain their technical edge. Apply before August 31, 2010 to receive heavily discounted training and GIAC exams focusing on digital forensics.

Introducing SANS 2010 Mentor of the Year, Zoher Anis

The SANS Mentor program is an innovative approach to training for information security professionals - one description is specialist assisted self-study. SANS recognizes the unique aspects of this training and wants to give special recognition to Mentors that put the extra effort into making sure their students have the best training possible. Chris is one of those very special people with talent and a willingness to share their knowledge.

Chris Crowley, SANS 2010 Mentor of the Year

Leadership Essay SANS Technology Institute

Erik has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes leadership in military communications.

Leadership Essay SANS Technology Institute

Kevin Fuller has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes his experiences in “technical” leadership.

Effective Communication Leads to Understanding

An effective leader must share their vision by structuring and communicating the content of their message in a way that the listener will accurately decode the meaning of the message; this paper will explore the means for a leader to implement an effective communication plan

Leadership Essay SANS Technology Institute

Vince has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay discusses the importance of vision as a leadership quality. A good leader must have a vision, possess the ability to communicate that vision, and have the determination to make that vision a reality.

The Security Manager and Business Situational Awareness

Business unit managers and business operations leaders are always telling information assurance managers that "Security needs to be aligned with business". This is one of the primary goals of both the SANS Technology Institute's Master of Information Security¹ programs and also the SANS Security Leadership Essentials² course, but what are the fundamental things security managers can do to help align security with the needs of the business? We suggest that progress is possible if there is a process in place to develop and maintain business situational awareness.

Applying the Pareto Principle to Information Security Management

Charlie Scott, MSISE student at SANS Technology Institute, explores how information security managers can use the Pareto Principle to their benefit. The Pareto Principle, in general, means that approximately 80% of any given effect can be attributed to approximately 20% of the possible causes. Charlie prepared this paper for the SANS MGT 421: Leadership and Management Competencies course.

Making Time Zones Work For You

Most people complain about time zones, they consider them an impediment. Let's consider some strategy to make time zones work in our favor as opposed to being a problem.

The Erosion of Personal Privacy

Talking about Privacy is a bit like talking about Climate Change; there is a lot of data pointing in a number of directions, people have strong and conflicting opinions, and if we get this wrong, the consequences could be disastrous. As a leader, it is important to understand personal privacy and ensure you, your family, and the people that report to you are at least aware of the risks of ubiquitous data collection.

Trust and Leadership

Ahmed Abdel-Aziz, MSISE student at SANS Technology Institute, discusses the importance of Trust in leadership, how to build Trust, and how leaders use Trust to do good or evil. Ahmed prepared this paper for the SANS MGT 421 Leadership and Management Competencies course.

How To Budget Time

To be successful as a leader we need to budget our time, our resources, and our finances. Often we do not give sufficient consideration to our time. Take a minute to check your Daytimer; if you do not have regular appointments six months out or more to do the critically important tasks such as planning, personnel management, and systems and budget reviews, it is an indication that you are living day to day. It means every crisis that comes up can derail your program. Studies continue to show people that say what they are going to do, as well as when and where they are going to do it outperform those that do not.