Influencing without Authority:
[Esha] I live and breathe the learnings from this session, because one of the most effective ways to be more secure is to improve security awareness. This is easier said than done. There are several situations we come across, where we have to step in and gently steer discussions to more robust solutions. The powerful story from “Endurance” by Alfred Lansing resonated with me. While he was in a position of authority, he planted an idea and nurtured it so that the solution seemed obvious to his crew. Had he suggested this idea and enforced it using his authority, he would have less support and more trouble implementing it. It is important to take the time to understand what others want in order to propose mutually beneficial solutions. Encouraging candid and honest conversations is often key to arrive at mutually beneficial solutions. We find a way to act on the DoorDash Values of “And, not either/or” and we engineer a way to do both. While working on security assessments, there were continuous periods of partnership with engineering teams to triage and resolve findings. This as well as the learnings from the next topic helped me negotiate fixes to improve security. [Geeta] As a Security Project Manager one part of our daily lives is to move projects, assessments/audits, and programs forward but yet more than likely the team members do not report into us. As Project Managers we often think about what we want to achieve but we need to think about the team members and team’s we are trying to influence to figure out what they want. In order to truly be successful in meeting milestones/deadlines we have to go in with an open mindset and truly listen to what motivates the people we are trying to influence to get the things we want done in the timeframe we want. Then and only then can we move the agenda and the business forward easily (well relatively “easily” anyway!). For example, at DoorDash we conduct an annual PCI (Payment Card Industry) audit and we perform security penetration tests on a regular cadence. As we have had dramatic growth, we need to continually ensure the security posture of our systems/services to protect and to uphold the trust of our employees, dashers, merchants and consumers. In our security team we had a plan on what service/system we wanted to target for pen testing in our quarterly objectives and throughout the year. However, that did not necessarily translate or mean the product teams were also marching forth to that same beat. We quickly realized that although product teams were motivated to make systems/services more secure that we were not reaching out to them in their planning cycle to get the commitment from their manager. In parallel we took the needed steps of communication and collaboration via meetings and wiki documentation to share the expectations, the process, and timelines from the product team, security team member(s) and the 3rd party security pen testing consultancy to ensure alignment. By going in with that mindset and sharing with the product teams we give ourselves a higher probability of successfully influencing and a better outcome overall and a much stronger relationship among all the internal and external stakeholders.
Being Strategic:
[Esha] As a Security Engineer, I am constantly heads down in tackling the next tactical problem. This session forced me to look at things from a different point of view and wanting to understand how my decisions were impacting the business. While I didn’t give it much thought earlier, I realized that it was critical and now, it seems like I cannot turn it off. I think about every project proposal and design from a strategic point of view. Just incorporating the word strategy in daily vocabulary has involuntarily made me think about things more strategically. [Geeta] As a Security Project Manager I often think “actions speak louder than words” but through this program we also learned our words do matter and can influence the people around you! By simply changing our vocabulary and incorporating the word “strategy” into our discussions or meetings we change how people view us and how we come to view ourselves. It was really fun to see at the beginning of our leadership forum how uncomfortably the words “strategy or strategic” rolled off our tongues but how towards the end of the session we got more comfortable. Like many of my women leadership team members, I also felt it a bit unnatural in the use of the word “strategic” initially. However, having been feeling “action item driven” or called “tactical” for many years and consequently taken on many tactical or housekeeping tasks I decided to break out of my comfort zone. So that same afternoon I explained to a new verticals team on how our process helps us to be strategic and to scale when dealing with requests from DoorDash’s current or potential merchants/partners (i.e. lengthy security questionnaires). After this meeting they understood clearly on how the best way we could partner together to meet the ever growing merchant/partner needs for addressing the security concerns.Security Networking (not to be confused with Network security!):
[Esha] As a Security Engineer, I always knew networking is important, but I didn’t really put much effort into my building and maintaining my network until I needed it. And that is often too late. Today, I actively reach out to my network to stay current on security happenings, tools, news, etc.. I look to my network for solutions to problems that they may have already faced or a different perspective on problems. Sometimes, I just check in with folks in my network to keep in touch. [Geeta] For me as Security Project Manager networking is important but never really put much effort forth until we needed to. So in trying to launch and build some internal “strategic” initiatives, I found a reason in which to reach out to my network of security comrades in the security arena at other companies. It has helped me find a common reason and way to start a mutually beneficial dialogue. Also, we have sought out ways in which to make time for networking events as our male counterparts would typically do by attending security events and networked and reached out to people we have met afterwards. Our internal DoorDash network has also been strengthened by this program not just in the 14 other women we met with monthly through this program, but also by remembering to network and collaborate internally through even informal activities like Happy Hours or lunches/dinners in our kitchen. Both of us have come to realize that this program has given us the tools and confidence to show up with best versions of ourselves at DoorDash. We always had the ingredients in us; that’s why we were hired into DoorDash. However, taking ourselves to the next notch is something we both gained through this program. The more surprising aspect is the impact that the WINE Leadership forum has had outside of DoorDash. To me this program is bigger than this first incredible cohort of women that I got to share it with. To me this program is one part of a bigger environment we are developing at DoorDash and outside of it in our personal lives. The soil and culture must be nourished and fertile to enable the growth of an ecosystem. From this fertile soil grows WINE Leadership Forum as the main tree trunk. And out of that solid trunk grows many branches for the many programs like Women in Eng, Better Ourselves Speaker series, the Women Employee Resource Group, Women’s Leadership Day, Fem Buddies, Women Happy Hour, and Grace Hopper. This program has had a wider reaching and far longer lasting impact than just what we experienced in the 6 month span. Everything that we discussed is transferable and is something we use daily in our personal lives as wives, mothers, partners, sisters, and friends. When you equip a woman with leadership skills like we were in the WINE Leadership Forum you transform her entire ecosystem.
