Heidi Shey serves Security & Risk Professionals. See the full Analyst bio.
Visit Forrester.com to learn how we make Security & Risk Professionals successful every day.
Follow Heidi on Twitter.
How Do You Maintain Your Security Edge?
Posted by Heidi Shey on December 7, 2012
Keeping up with the threat and IT landscape, looking ahead to future technology and disruptive technologies, and keeping up with the regulatory landscape to identify what it means to your organization is no small task. It’s also not a technology issue, but one that involves your most valuable asset: people. S&R pros, call it maintaining your security edge: keeping skills fresh, encouraging new ideas to flow, and preventing the security group from getting stale and set in their ways and habits. Fail to invest in your people, and an exodus of talent will the least of your concerns as a new type of internal threat is born. A security team and an organization that maintains their security edge will be better equipped to protect the organization and its assets through better decision making at all levels.
I’m kicking off research on this topic in the coming weeks, and would love to hear what you think it means to maintain your security edge. My initial ideas approach the topic from three angles:
- Individual security contributors. These are the folks that need to keep their skills fresh and network with peers. Consider opening up opportunities for them to take continuing education courses, achieve certifications, or attend conferences. Encourage participation in online communities or social networks to connect with peers.
- The security group as a whole. This is where group think may occur, and lead to less than optimal decisions, especially if there hasn’t been much focus given to the development of individual security contributors. Bringing in new blood and a fresh perspective with an external advisor can be beneficial. Or, perhaps, engage in information sharing with other organizations where appropriate.
- The company as a whole. Employees are the front line of defense. Not all forms of security awareness training are created equal, and it’s an exercise to determine where you’ll get the most bang for your buck, effort, and time. Also, understand how employees work, and the (non-company supported or provided) tools and services they use, in order to better assess risk and help to securely enable them to get their jobs done.
How do you maintain your (personal) security edge, and your organization’s security edge? Do you see it primarily as a people issue today, or are there elements of a technology, policy, vendor, or service provider relationship that you see to be vital as well? I’d love to hear your thoughts.
274You recommended this post
Facebook
LinkedIn
Twitter
Comments
Your 3 angles are right on
Your 3 angles are right on target Heidi. Individuals can also stay sharp simply by carving out time to read all the excellent sources of security information available for free. Another idea I promote in my team is to spend time in our IT Security lab playing with various security (and hacker) technology. This keeps your technical skills sharp and gives you firsthand experience with the tools of the trade. Good luck with the research.
Good points
Thanks for your comment Brian! I like the idea of carving out time to read as well as play with different tools (you can't beat firsthand experience!) too. The key here is to have that type of support coming from leaders like yourself who promote that use of time and create the environment for teams to do so.
Post new comment