Mixing
How to seek knowledge sharing from professional network without appearing self - serving or intrusive?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
0
down vote
favorite
I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.
While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.
I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.
Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?
If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?
communication networking
asked 2 days ago
Anthony
5,2921355
add a comment |Â
up vote
0
down vote
favorite
I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.
While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.
I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.
Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?
If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?
communication networking
asked 2 days ago
Anthony
5,2921355
2
you want to be self serving, yet appear that you're not?
– Kilisi
yesterday
If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday
Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.
While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.
I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.
Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?
If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?
communication networking
asked 2 days ago
Anthony
5,2921355
I am currently the team lead of the IT audit and risk team at my company. Recently business processes in IT are being re-engineered and management has approached us about assisting them to improve certain IT controls and cybersecurity incident response procedures.
While I have decent experience in IT security / risk management domain from several years of work experience and soon to be CISA, I am always open to critique and hearing of current best practices as cyber security is a very dynamic field within IT. Many members of my professional network work in InfoSec and I am in fairly close contact with them. We do not work in the same industries and we do not compete as rivals.
I would like to ask them about some successful techniques / best practices they may be using to monitor cybersecurity controls at their company, without coming across as intrusive. I realize this knowledge is security sensitive and may be exploitable by blackhats if misused. I also realize that from a business perspective, I am a 3rd party that should rightly raise trust issues.
Is asking other professionals in the same industry in your network to share such knowledge appropriate in such circumstances?
If yes, how can I ask for such knowledge sharing without appearing self - serving or intrusive?
communication networking
communication networking
asked 2 days ago
Anthony
5,2921355
asked 2 days ago
Anthony
5,2921355
asked 2 days ago
Anthony
5,2921355
asked 2 days ago
Anthony
5,2921355
asked 2 days ago
Anthony
5,2921355
5,2921355
2
you want to be self serving, yet appear that you're not?
– Kilisi
yesterday
If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday
Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday
add a comment |Â
2
you want to be self serving, yet appear that you're not?
– Kilisi
yesterday
If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday
Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday
2
2
you want to be self serving, yet appear that you're not?
– Kilisi
yesterday
you want to be self serving, yet appear that you're not?
– Kilisi
yesterday
If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday
If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday
Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday
Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
Sharing knowledge is perfectly normal.
In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.
The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).
As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.
In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.
It is also worth being aware of the line between sharing best practices and asking for free work.
In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).
If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.
I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.
answered yesterday
Bilkokuya
1,1101313
add a comment |Â
up vote
0
down vote
Hire them.
You say you dont want to appear self serving, while in fact you are.
If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.
answered yesterday
Martijn
1,9411723
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Sharing knowledge is perfectly normal.
In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.
The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).
As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.
In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.
It is also worth being aware of the line between sharing best practices and asking for free work.
In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).
If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.
I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.
answered yesterday
Bilkokuya
1,1101313
add a comment |Â
up vote
1
down vote
Sharing knowledge is perfectly normal.
In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.
The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).
As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.
In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.
It is also worth being aware of the line between sharing best practices and asking for free work.
In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).
If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.
I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.
answered yesterday
Bilkokuya
1,1101313
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Sharing knowledge is perfectly normal.
In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.
The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).
As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.
In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.
It is also worth being aware of the line between sharing best practices and asking for free work.
In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).
If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.
I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.
answered yesterday
Bilkokuya
1,1101313
Sharing knowledge is perfectly normal.
In the majority of industries and disciplines, sharing knowledge and best practices is seen as a best practice in itself.
The main benefit is that bringing other people up to your level, allows them to find problems that may eventually affect you - and share their (now relevant) learnings back to you. In industries such as IT, Development and Security - it also increases the likelyhood of robust tools being created, as more people begin to have similar needs (again, benefitting everybody).
As evidence of this, there are a plethora of conferences, knowledge sharing events, blogs and engagement on platforms like SE - where best practices are freely exchanged. If asking for advice was always seen as self-serving, it's safe to say these avenues would not exist in such large numbers.
In my experience, the best way to ask for advice - is simply to ask them. Whether that's in person or via an email chain, most people will be willing to share a small amount of advice without anything more formal.
It is also worth being aware of the line between sharing best practices and asking for free work.
In general, if you're asking for a general pointer for things to consider/research further - you're safe (and at worst, will simply not get a reply - but your reputation will not suffer).
If you're asking for specific advice/implementation for problems that only affect your workplace - or asking for any kind of drawn out discussion - you're asking for work, which should happen through a consultant.
I feel that distinction is generally quite common-sense though, and doesn't need to much thought. If you'd be willing to reply to somebody else with what you're asking - then it's generally fine.
answered yesterday
Bilkokuya
1,1101313
answered yesterday
Bilkokuya
1,1101313
answered yesterday
Bilkokuya
1,1101313
answered yesterday
Bilkokuya
1,1101313
1,1101313
add a comment |Â
add a comment |Â
up vote
0
down vote
Hire them.
You say you dont want to appear self serving, while in fact you are.
If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.
answered yesterday
Martijn
1,9411723
add a comment |Â
up vote
0
down vote
Hire them.
You say you dont want to appear self serving, while in fact you are.
If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.
answered yesterday
Martijn
1,9411723
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Hire them.
You say you dont want to appear self serving, while in fact you are.
If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.
answered yesterday
Martijn
1,9411723
Hire them.
You say you dont want to appear self serving, while in fact you are.
If you want their knowledge, you could simply hire them for an consult. If they are professionals, treat them professional, at least if you want professional result.
answered yesterday
Martijn
1,9411723
answered yesterday
Martijn
1,9411723
answered yesterday
Martijn
1,9411723
answered yesterday
Martijn
1,9411723
1,9411723
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f119031%2fhow-to-seek-knowledge-sharing-from-professional-network-without-appearing-self%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
2
you want to be self serving, yet appear that you're not?
– Kilisi
yesterday
If it's someone who you know on a vaguely personal level, just shoot them a message and ask if they'd be up for chatting about it over a drink (with you buying of course!)
– berry120
yesterday
Does your professional network have official LinkedIn groups, meetups, activities, etc? That appears to be the most "neutral" way to communicate. One-on-one is the most risky. Software developers do not do this in general except in broad ways eg. via Stack and other means. Even asking another non-competing company in the same co-working space what web stack they use can be extremely invasive (if deemed so by them). I can only imagine how touchy InfoSec must be.
– SaltySub2
yesterday