If you are like most infosec professionals, each day brings new and interesting challenges.
However, like most jobs, there are valleys that we fall into along the course of our professional development. How long can you stare at your SIEM tool before you start to experience some mild tunnel vision, or worse, severe burnout? Neither of these are productive paths for you or your employer.
When I find myself heading down that path of waning motivation, I exercise a 3-step plan to get back on track. I call it the Do Something, Know Something, Learn Something plan.
Here is how it works:
Set three recurring calendar events, each lasting an hour with a 30-minute break in between each task. For the first task, assign some of your daily activities that need your attention.
This may be writing up a report, updating your monitoring logs, or performing triage on the security events under your responsibility. This is the “Do Something” phase. This one is most important, as it is probably the bulk of what is required of your job duties. This task will not only recur daily but should be set to recur multiple times throughout the day.
The next task that should be on your calendar is the “Know Something” task. This is the task where knowledge is the goal.
If you maintain any certifications, this is where a continuing professional education (CPE) credit-eligible webcast can fill the task requirement. This task time-slot can also be used to familiarize yourself with a new regulation or perhaps to just catch up on some of the infosec news of the day.
The purpose here is to increase your knowledge about infosec topics that may come up during a lunch conversation, or perhaps an impromptu conversation with a senior executive in your office. This type of knowledge adds credibility to your role, which is a valuable asset both personally and professionally.
The third task is the “Learn Something” task. This is different from simply knowing, as it is where you use the time to actively research a new skill or learn a new tool.
If your employer is receptive and flexible, the learning can be tangentially related to infosec. For example, knowing the pin-out patterns of various cables may not be directly related to your particular job, yet it is valuable information that can improve your infosec skills in immeasurable ways.
I find that running this three-step pattern over the course of a month does wonders for breathing new life into my job routine. It also brings more value to your employer. Above all, be sure not to let your daily responsibilities slip. This is why the “Do Something” task needs to recur throughout the day.
I understand that you may not have a job that allows the daily attention to each task that I have described here; however, I am certain that there is a way to spread this plan out so that you can implement it to keep you from becoming numbed by the same tasks every day.
After all, we are working in one of the most exciting fields that doesn’t require any physical danger. I hope my three-step approach helps you to keep excitement alive while improving your skills and your value.