der Mouse wrote:
>> The vast majority of IT executives are unfamiliar with all of the
>> principles of security, firewalls, coding, whatever.
> ...
>> The important thing to understand is that such principles are below
>> their granularity; the[y] are *right* to not care about such
>> principles, because they can't do anything about them.
> Perhaps - but then, they have to stop second-guessing the people who
> *do* know what they're talking about.  Trying to have it both ways -
> management that is inexpert but nevertheless imposes their opinions on
> design or buying decisions - is a recipe for disaster, and, while
> hardly universal, is all too common.

I submit that really *good* managers do listen to the experts around
them. That is really basic to good management; surround yourself with
experts, and then listen to them.

Of course there are lots of bad managers, because managing is so
subjective that bad managers find it easy to survive. Measuring the
quality of management is about as difficult as measuring the quality of

> I've never understood why it is that managers who would never dream of
> second-guessing an electrician about electrical wiring, a construction
> engineer about wall bracing, a mechanic about car repairs, will not
> hesitate to believe - or at least act as though they believe - they
> know better than their in-house experts when it comes to what computer,
> especially software, decisions are appropriate, and use their
> management position to dictate choices based on their inexpert,
> incompletely informed, and often totally incompetent opinions.  (Not
> just security decisions, either, though that's one of the cases with
> the most unfortunate consequences.)

Because the kind of personality that seeks to become a manager is a
self-important arrogant snot, myself included :) It thus takes conscious
effort to listen to the opinions of others, and let them win when they
have a persuasive argument.

Even more simple: this trait of believing your own opinions more than
those of others is nearly universal in humans. Managers simply have the
power to indulge themselves, and only occasionally have the wisdom to
*not* indulge themselves.


Crispin Cowan, Ph.D.     
CEO, Mercenary Linux     
               Itanium. Vista. GPLv3. Complexity at work

Secure Coding mailing list (SC-L)
SC-L is hosted and moderated by KRvW Associates, LLC
as a free, non-commercial service to the software security community.