Progress in Information Security
We have been complaining for years that we lack the authority to declare which projects require funding to achieve business goals. Getting into board meetings has not improved our condition.
Yet, the biggest bottleneck to progress in information security often stems from the alignment between business and security goals. This misalignment can manifest in several key ways:
- Budget Constraints: Information security requires significant investment in both technology and personnel. However, securing an adequate budget often proves challenging because security doesn't generate direct revenue. Instead, it's about risk management and loss prevention, which can be harder to quantify and prioritize against other business initiatives that promise tangible returns. I believe that is a red herring run by quants and their bosses, who insist on using "science" to run our businesses over black magic voodoo that comes out of their big machines could ever do so. In addition, this approach retains control for the end on investment, but rarely receives assessment or validation.
- Cultural Challenges: Establishing a security-first culture within an organization is crucial but hard. Without strong organizational commitment to security, initiatives can be undermined by lack of adherence to policies, insufficient training, or resistance to changes that are perceived as inconvenient or cumbersome. Missions are missions, and this commitment is especially critical where an organization depends on other people's code through third-party open-source software.
- Complexity of IT Environments: Modern IT environments are increasingly complex, incorporating cloud services, remote work, mobile devices, and the Internet of Things (IoT). Each new technology can introduce vulnerabilities and requires specific security measures, making the task of securing these environments more complex and resource-intensive. Preparation through just-in-time training shows your teams that if the boss is willing to spend a weekend on it, it is worth their own time as well.
- Rapid Technological Changes: As technology evolves quickly, so do the tools and methods used by cyber adversaries. The speed at which new threats develop often outpaces the ability of organizations to adapt their security measures.
- Shortage of Skilled Professionals: There is a well-documented global shortage of cybersecurity professionals. This lack of a skilled workforce means that many organizations cannot effectively implement, manage, and maintain their security infrastructures. Advances in training and education over the last couple of years have shifted the landscape toward you, the buyer: much better coursework, more effective graphics, and far more capable delivery teams, composed of avatars instructing from scripts written by cybersecurity professionals in each subject area.
These bottlenecks highlight the importance of strategic planning in information security, where efforts are focused not only on implementing technical solutions but also on aligning security initiatives with broader business objectives and building an organizational culture that prioritizes security into the future.
Author
Steve King
Senior Vice President, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He began his career as a software engineer at IBM, served Memorex and Health Application Systems as CIO and became the West Coast managing partner of MarchFIRST, Inc. overseeing significant client projects. He subsequently founded Endymion Systems, a digital agency and network infrastructure company and took them to $50m in revenue before being acquired by Soluziona SA. Throughout his career, Steve has held leadership positions in startups, such as VIT, SeeCommerce and Netswitch Technology Management, contributing to their growth and success in roles ranging from CMO and CRO to CTO and CEO.