One the hardest things we have to do is to build trust.
It’s not hard for everyone, just us specifically. It’s not in our nature.
Security people tend not to trust anyone. Everything we do is based on not trusting anyone, it’s literally our job. Trust is a two way street. If you expect someone to trust you, you have to trust them to a certain degree. This is our first problem. We don’t trust anybody, for good reason often, but it’s a problem. We have to learn how to trust others so we can get them to trust us. This is of course easier said than done. Would you trust someone with your password? I wouldn’t, but a lot of people do. This is a place where they won’t understand why we don’t trust them. Of course sharing a password isn’t a great idea, but that’s not the point.
I have a recent example that sort of explains the problem. It’s not related to security, but the idea is there. A friend does graphic design work and was tasked to create a logo. This is easy enough, he made a few rather nice logos for the client to choose from, but then things went crazy. None were good enough, so they just kept bikeshedding the logos. The designer was of course very upset as this isn’t productive and honestly, the end result always ends up looking almost exactly like one of the first few logos. Furthermore, the people commenting aren’t graphics people, so many of the suggestions were just silly. Because they didn’t trust the designer, now the designer doesn’t trust them.
So how could this scenario have gone down? Ideally you look at what the designer gives you, you can give some feedback along what you think, things like “It has too many colors” or “It’s not bright enough”, not “The second letter A should be 3 piexels to the left”. You have to trust your designer will give you something that does what you need it to do. It won’t be perfect, it just has to be good enough. And in time as trust is built between you and the designer, the results will just keep getting better.
How many times have you sent back a presentation or whitepaper because it wasn’t perfect? Or decided to just do something yourself because the writer wasn’t doing a good enough job? Those people no longer like you. They think you’re a rude inconsiderate jerk. They’re probably right.
You can’t just show up and demand trust, that never works. You can’t demand perfection. Everyone is good at their own things, you have to trust that if you’re working with a writer, or designer, or developer, they’re going to do a job that’s good enough, possibly better than you could ever do, if you let them.
Join the conversation, hit me up on twitter, I’m @joshbressers