Blake: Selling security with FUD works, but it's not necessarily the best way to do it. You can also emphasize the positive things security can do for a business. Having seen that security is top of mind for internal clients in the financial services industry, I now know that I should have looked at security as a service provided to internal customers, a value brought to the table.
On why security is more important now than ever before:
Brown: Looking back, I'm more paranoid about security now than I was back then. We didn't have these consolidated hacker groups like Anonymous that wanted to prove their point, whether to GM, the Vatican or whatever. How do you balance your security posture when at any moment, you could be subject to someone with more manpower and time than you have? There's a lot of damage that an external group can do to a company if they have it out for you. They're coming at it from a specific angle, and it's difficult to anticipate from a business standpoint.
Hartmann: Generally speaking, the business does not fully understand how serious the threat is to the critical infrastructure, network data and proprietary information from foreign governments, foreign companies, domestic competitors and others with less than legitimate intentions. Security professionals need to continuously educate about these risks and work to implement balanced risk mitigation plans and tools.
Berinato: The disconnect between the realities of security and the pop media treatment of it presents a challenge, especially in the hacking world. All of that is very real and very dangerous, but I can't tell you the number of stories I read in respected media outlets that dumb down or misconstrue the threat.
Ever since 9/11, security has become a pop culture phenomenon. There are lots of popular myths, simplifications and ideas that people take to heart, and security professionals have to understand and dismantle these and help re-explain things in the right way.
On why security professionals would enjoy a business career:
Hartmann: Security-related backgrounds provide a strong foundation for working in a core business role. Whether it's an inquisitive mind-set, interacting with a large variety of people from all walks of life or keeping an open mind to how the story might unfold--these are skills that folks with security backgrounds have that, when applied correctly, pertain to the business itself. To this very day, I draw on skills and techniques I learned in my early career.