Setting, and sticking to, your web security goals

Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the resolve to get things done is usually gone by February or March. We end up going down the predictable path and setting ourselves up for disappointment time and again. The things that need to get done are put off yet another year and our web-related security risks continue to grow.

There’s a saying that the road to Hell is paved with good intentions. But it doesn’t have to be that way. Establishing what needs to be done and then following things through to completion is very do-able, if you go about doing it the right way. It’s basic goal management, yet most people (I’ve heard as little as two percent) ignore its value. Don’t fall into this trap. Your web security will suffer and you’ll likely end up not achieving what you’re truly capable of in your work. Here are 5 simple steps for setting, managing, and achieving your goals in the New Year:

  1. Determine what you want to accomplish and document it in the present tense.
  2. Set a deadline for each goal.
  3. Document the specific steps that need to be taken to achieve each goal.
  4. Start immediately – even if it’s something small.
  5. Revisit your goals at least once a week to keep them on the top of your mind.

Taking all of these things into consideration, a specific web security-related goal for 2013 might be the following:

I perform monthly vulnerability scans on my enterprise web applications.
The first Monday of every month, I use Acunetix Web Vulnerability Scanner (or whatever tools) to scan for security flaws on the ERP, content management, and cloud web applications. I run scans both without and with authentication. Upon completion, I generate a report, document my specific findings, and deliver it to the appropriate team members.

You can set goals around web security vulnerability remediation, manual analysis, system maintenance, training – you name it. The important thing is to document your goals, put reminders on your calendar, and then get in the habit of doing something to work towards them as needed.

Basketball coach Bobby Knight once said “The will to win is not nearly as important as the will to prepare to win.” Stop living out the goals of others – especially those who have no knowledge of or interest in web security. If you establish your own set of goals and start to make things happen, even if your resources are limited, you’ll be seen as a person of value and will build the credibility and respect of others which can help you in countless ways related to web security – both professionally and personally.

Kevin Beaver

Kevin is an information security consultant with 30 years’ experience, providing independent security assessments and penetration tests, security consulting and virtual CISO services, writing and security content development, and speaking engagements (keynotes, panel discussions, and webinars).
