Five Habits IT Security Professionals Need To Break

Published: 22/11/2024   Category: security


To move forward, security pros need to break old thinking, (ISC)2 Congress panel says



CHICAGO -- (ISC)2 Congress 2013 -- If security professionals want to take their craft in new directions, then they need to stop thinking in old ways, experts said in a panel here Tuesday.
In a panel entitled "Cyber Security -- Where the Industry Is Headed Next Year and Beyond," seven industry leaders said security is sometimes stuck in a continuous loop because professionals continue to make the same mistakes and sometimes have trouble thinking in new ways.
Five examples of bad habits that security pros need to break, according to the panel:
1. Treating IT security as something that's separate from the business
"We need to stop approaching security as something technical that users and executives can't understand," said Spencer Wilcox, security strategist at Excelon. "Sell your executives on your security program -- gamify it, and make it interesting to your executives and your users."
"Be aware of what's happening at the business level," said Tony Vargas, technical leader for engineering at Cisco Systems. "Don't separate yourself from it."
2. Saying no
"Too often, security is seen as an obstacle to the business, instead of an enabler," Vargas said. "You need to get people involved, make them part of the solution, rather than seeing security as something that's in the way."
"We need to stop saying no and start asking why," said Erin Jacobs, founding partner at Urbane Security. "Most of the time, when users try to go around security, it's because they're just trying to get their work done. We need to help them with what they're doing, rather than telling them what they can't do."
3. Preaching to the choir
"We go to these conferences, and it's security people talking to other security people about how important security is," observed Javvad Malik, a security analyst at 451 Research. "It's become a sort of echo chamber. We need to get out and talk to the people who really need to understand the message."
"Business has been following an institutionalized view of risk management for years, and that view doesn't include IT security," noted Forrest Foster, chief security architect at Cisco. "We need to get into the business schools and talk about IT security risk."
4. Confusing security and compliance
"Too many security professionals are moving away from doing real security and are doing more in compliance," said Malik. "We don't need more auditors."
"Some security pros have become glorified security assessors and auditors," Jacobs said. "What's ironic is that a lot of them are not necessarily qualified for that job."
5. Failing to reach out to students and young professionals
"There is a dire shortage of infosec talent out there, and it's hurting all of us," said Dan Waddell, solution lead for the global public sector at Grant Thornton. "We need to build a pipeline of young people we can hire."
"We need to get ourselves and our security message into schools," said James McQuiggan, a member of the security team at Siemens Energy. "Anyone over the age of 35 today is a digital immigrant. Those who are younger, who grew up on the Internet, are the digital natives. We need to get our message of security to those people early."