How to seek knowledge sharing from professional network without appearing self - serving or intrusive?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
0
down vote

favorite












I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.



While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.



I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.




Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?



If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?











share|improve this question

















  • 2




    you want to be self serving, yet appear that you're not?
    – Kilisi
    yesterday










  • If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
    – berry120
    yesterday










  • Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
    – SaltySub2
    yesterday

















up vote
0
down vote

favorite












I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.



While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.



I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.




Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?



If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?











share|improve this question

















  • 2




    you want to be self serving, yet appear that you're not?
    – Kilisi
    yesterday










  • If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
    – berry120
    yesterday










  • Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
    – SaltySub2
    yesterday













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.



While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.



I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.




Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?



If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?











share|improve this question













I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.



While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.



I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.




Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?



If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?








communication networking






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 2 days ago









Anthony

5,2921355




5,2921355







  • 2




    you want to be self serving, yet appear that you're not?
    – Kilisi
    yesterday










  • If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
    – berry120
    yesterday










  • Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
    – SaltySub2
    yesterday













  • 2




    you want to be self serving, yet appear that you're not?
    – Kilisi
    yesterday










  • If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
    – berry120
    yesterday










  • Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
    – SaltySub2
    yesterday








2




2




you want to be self serving, yet appear that you're not?
– Kilisi
yesterday




you want to be self serving, yet appear that you're not?
– Kilisi
yesterday












If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday




If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday












Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday





Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday











2 Answers
2






active

oldest

votes

















up vote
1
down vote













Sharing knowledge is perfectly normal.



In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.



The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).



As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.




In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.




It is also worth being aware of the line between sharing best practices and asking for free work.



In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).



If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.



I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.






share|improve this answer



























    up vote
    0
    down vote













    Hire them.



    You say you dont want to appear self serving, while in fact you are.



    If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.






    share|improve this answer




















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "423"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f119031%2fhow-to-seek-knowledge-sharing-from-professional-network-without-appearing-self%23new-answer', 'question_page');

      );

      Post as a guest






























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      1
      down vote













      Sharing knowledge is perfectly normal.



      In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.



      The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).



      As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.




      In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.




      It is also worth being aware of the line between sharing best practices and asking for free work.



      In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).



      If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.



      I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.






      share|improve this answer
























        up vote
        1
        down vote













        Sharing knowledge is perfectly normal.



        In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.



        The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).



        As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.




        In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.




        It is also worth being aware of the line between sharing best practices and asking for free work.



        In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).



        If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.



        I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.






        share|improve this answer






















          up vote
          1
          down vote










          up vote
          1
          down vote









          Sharing knowledge is perfectly normal.



          In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.



          The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).



          As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.




          In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.




          It is also worth being aware of the line between sharing best practices and asking for free work.



          In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).



          If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.



          I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.






          share|improve this answer












          Sharing knowledge is perfectly normal.



          In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.



          The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).



          As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.




          In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.




          It is also worth being aware of the line between sharing best practices and asking for free work.



          In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).



          If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.



          I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered yesterday









          Bilkokuya

          1,1101313




          1,1101313






















              up vote
              0
              down vote













              Hire them.



              You say you dont want to appear self serving, while in fact you are.



              If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.






              share|improve this answer
























                up vote
                0
                down vote













                Hire them.



                You say you dont want to appear self serving, while in fact you are.



                If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.






                share|improve this answer






















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  Hire them.



                  You say you dont want to appear self serving, while in fact you are.



                  If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.






                  share|improve this answer












                  Hire them.



                  You say you dont want to appear self serving, while in fact you are.



                  If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered yesterday









                  Martijn

                  1,9411723




                  1,9411723



























                       

                      draft saved


                      draft discarded















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f119031%2fhow-to-seek-knowledge-sharing-from-professional-network-without-appearing-self%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Comments

                      Popular posts from this blog

                      What does second last employer means? [closed]

                      Installing NextGIS Connect into QGIS 3?

                      One-line joke