Setting, and sticking to, your web security goals

Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the resolve to get things done is usually gone by February or March. We end up going down the predictable path and setting ourselves up for disappointment time and again. The things that need to get done are put off yet another year and our web-related security risks continue to grow.

There’s a saying that the road to Hell is paved with good intentions. But it doesn’t have to be that way. Establishing what needs to be done and then following things through to completion is very do-able, if you go about doing it the right way. It’s basic goal management, yet most people (I’ve heard as little as two percent) ignore its value. Don’t fall into this trap. Your web security will suffer and you’ll likely end up not achieving what you’re truly capable of in your work. Here are 5 simple steps for setting, managing, and achieving your goals in the New Year:

  1. Determine what you want to accomplish and document it in the present tense.
  2. Set a deadline for each goal.
  3. Document the specific steps that need to be taken to achieve each goal.
  4. Start immediately – even if it’s something small.
  5. Revisit your goals at least once a week to keep them on the top of your mind.

Taking all of these things into consideration, a specific web security-related goal for 2013 might be the following:

I perform monthly vulnerability scans on my enterprise web applications.
The first Monday of every month, I use Acunetix Web Vulnerability Scanner (or whatever tools) to scan for security flaws on the ERP, content management, and cloud web applications. I run scans both without and with authentication. Upon completion, I generate a report, document my specific findings, and deliver it to the appropriate team members.

You can set goals around web security vulnerability remediation, manual analysis, system maintenance, training – you name it. The important thing is to document your goals, put reminders on your calendar, and then get in the habit of doing something to work towards them as needed.

Basketball coach Bobby Knight once said “The will to win is not nearly as important as the will to prepare to win.” Stop living out the goals of others – especially those who have no knowledge of or interest in web security. If you establish your own set of goals and start to make things happen, even if your resources are limited, you’ll be seen as a person of value and will build the credibility and respect of others which can help you in countless ways related to web security – both professionally and personally.

Kevin Beaver

Kevin Beaver, CISSP is an independent information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC. With over 32 years in IT and 26 years in security, Kevin specializes in vulnerability and penetration testing, security program reviews, and virtual CISO consulting work to help businesses uncheck the boxes that keep creating a false sense of security.
