December 07, 2010, 9:35 PM — You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?
Conventional wisdom says we need more staff training and technical security certifications. Others say higher salaries, a better understanding of the bad guys, more executive leadership training or more top-level executive buy-in are needed. While all of these help, I've seen security staffs with all of the above fail.
As I've traveled the world, I've identified some common traps that cause security pros to fail. What works and what doesn't in achieving the best security results? If you call yourself a security professional, here are seven lessons you need to learn. I originally examined these lessons in a series of posts on my CSOonline.com blog, where you can find expanded thoughts on each problem and solution.
Problem #1: Security Is Thought of as a Disabler
Security professionals are often viewed as the party poopers. This threatens the credibility of every security consultant. Are you bringing problems or offering solutions? Are you viewed negatively by the business?
Take cloud computing, for example. The technology world is rushing into the cloud, but while thousands of positive articles are being written about the ROI and transformational aspects of new cloud architectures, the security world is busy printing articles about why the cloud is a bad idea.
Key #1: Become a Facilitator. So what can be done? Stop saying "no" to your customers! Offer secure solutions. Be an enabler. Tell them how you will ensure that their project is delivered on time, on budget and with the right level of security. Ask yourself whether the business sees value or roadblocks in your approach.
Also read Dunkin' Brands security focuses on making dough (Insider registration required)