Recently I've been introduced to the principles of Ray Dalio of Bridgewater. In the course of reading them I've found them to be very interesting and in line with much of how I think (Read Ray's Principles). In the past year I've been talking with people in my team about why they do Security, as I feel it's very important for all of us to be clear on our motives. It's been very interesting to see the results. By asking the simple question of why and giving my motivation as an example, they have gone through a great deal of self-reflection. The result has been, and continues to be, exciting.
The self-reflection has driven them to understand what motivates them and what doesn't. This, of course, goes well beyond just work and to every facet of what they do. Why do you hike? Why do you play video games? Why are you doing art? In the context of Security it's more of a "Why do you suffer the pains of being a Security practitioner?" To me this defines if they will be a driver of solutions or just a follower of others. With a grounded understanding of what their principles are and why they do what they do, they have found their voice. Their voice to challenge others and apply their energies directly to what they believe in. They have become more active in what they do and more collaborative as a result.
We all are faced with significant resistance in putting in even the most basic of controls to defend our environments and data from attack. No one has ever really come to me and said "Thanks for taking my administrative rights away". We are seen as paranoid or hurdles to progress as opposed to, how I see it, doing our fiduciary responsibility. Of course this resistance is highly dependent on how we approach the problem, but it's always there. The question is why would anyone want to do that job?
Regardless, I encourage anyone reading this to read Ray's Principles and take time out and think of what your principles are and why you do what you do.