I cringed when I heard my knowledgeable coworker call my boss an idiot and tell him his ideas would doom the company to security failure.

See, I've been that guy. And in a 22-year-plus career, I've sometimes regretted it. There is almost always a better way of presenting your case than telling your boss you won't do something or won't participate in a particular way. I can understand denying participation in something illegal (which I've also had to do a few times), but frequently, the emotion comes about because the security person strongly disagrees with a particular technical decision.

[ Here are two more ways to set yourself apart from your peers. | Get better at doing security with InfoWorld's free "Security Boot Camp" online class. | Subscribe to InfoWorld's free weekly Security newsletter to stay informed of the latest threats and fixes. ]

It's all right to oppose something you feel strongly about, but oftentimes these principle stands end up being career-limiting moves. As a passionate worker, you think you're helping to correct the boss' mistaken factual understanding, but you fail to understand that the boss just marked you as a "problem employee." That will show up somewhere in your next annual review or around bonus time -- or these days, when the boss is decides who gets to keep their job.

At 42 years old (almost 43), I've learned that presentation has a lot more value than I used to believe. How you say it is as important as what you say, perhaps more if you want to win the technology argument.


I've learned that passion is a good thing, but best when used sparingly in public. What might be great enthusiasm in a speech or presentation comes off as a little overly excited in a one-on-one meeting with your boss or in a team gathering. It's even OK to be passionate to the boss when you support one of his or her ideas or a direction in which the company is already headed.

Passion is risky when going against the flow. In college and education ads, they always say we should be aggressive risk-takers and speak the truth as loudly as possible whenever possible. But if you want to see a person that has been with the same company for 25 years, I'll show you someone that most likely did what they were told. The hard reality is that taking passionate risks and constantly being outspoken can more easily threaten your career than simply following instructions and being passive. It's called risk for a reason.

Taking risks means you are going against the general flow. And even if you're right, you may not get credit, or you won't get credit until after you're gone. Suppose you believe that your company needs to spend an enormous amount of money on XYZ firewall to remain perfectly protected. Even though XYZ firewall is a huge expense, you argue your case with management, and after much blood on the ground, you win and get approval to buy and install that firewall.

There is a good chance that if the firewall does its job perfectly and your company suffers no successful attacks, management will think that it overbought and perhaps didn't need such great protection. I can assure you some other team that is making money for the company will complain how your stupid ideas are constraining the organization from making even more revenue and could even be losing customers.

Or suppose malware comes in another way -- say, on an employee's USB key -- and infects the company. Management will definitely wonder why it spent all that money on the firewall when you should have been better managing USB keys.

[ A top 10 security list will help keep you and the rest of the company focused on the biggest threats. ]

����