Brown: Looking back, I'm more paranoid about security now than I was back then. We didn't have these consolidated hacker groups like Anonymous that wanted to prove their point, whether to GM, the Vatican or whatever. How do you balance your security posture when at any moment, you could be subject to someone with more manpower and time than you have? There's a lot of damage that an external group can do to a company if they have it out for you. They're coming at it from a specific angle, and it's difficult to anticipate from a business standpoint.
Hartmann: Generally speaking, the business does not fully understand how serious the threat is to the critical infrastructure, network data and proprietary information from foreign governments, foreign companies, domestic competitors and others with less than legitimate intentions. Security professionals need to continuously educate about these risks and work to implement balanced risk mitigation plans and tools.
Berinato: The disconnect between the realities of security and the pop media treatment of it presents a challenge, especially in the hacking world. All of that is very real and very dangerous, but I can't tell you the number of stories I read in respected media outlets that dumb down or misconstrue the threat.
Ever since 9/11, security has become a pop culture phenomenon. There are lots of popular myths, simplifications and ideas that people take to heart, and security professionals have to understand and dismantle these and help re-explain things in the right way.
On why security professionals would enjoy a business career:
Hartmann: Security-related backgrounds provide a strong foundation for working in a core business role. Whether it's an inquisitive mind-set, interacting with a large variety of people from all walks of life or keeping an open mind to how the story might unfold--these are skills that folks with security backgrounds have that, when applied correctly, pertain to the business itself. To this very day, I draw on skills and techniques I learned in my early career.
Having a risk-averse perspective is actually a positive thing in business. As long as it's not taken to the extreme, this mind-set forces you to come at something from different angles to reach a strong conclusion. If you're going to market with a new product or approach, asking all the right questions will result in the highest possibility of success for that new project.
Brown: You don't get the short-term wins on the security and technology side that you get on the business side. It's a refreshing place to be. There's not a week that goes by where I'm not negotiating a million-dollar bid, whether it's Abercrombie calling, or Victoria's Secret wanting neon pink thread, or I need to make unicorns appear--immediately!
This story, "What I learned when I left security" was originally published by CSO.