Why Security Pros Fail (and What to Do About it)

You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?

By Dan Lohrmann
Mon, December 06, 2010
. What's this?

CSO — You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?

Slideshow: Security Quiz: How Well Do You Know the Insider Threat?
Slideshow: Quiz: Separate Cyber Security Fact From Fiction
Slideshow: Quiz: Do You Know IT Security?

Conventional wisdom says we need more staff training and technical security certifications. Others say higher salaries, a better understanding of the bad guys, more executive leadership training or more top-level executive buy-in are needed. While all of these help, I've seen security staffs with all of the above fail.

Also see Lohrmann's slide presentation of this professional development material

As I've traveled the world, I've identified some common traps that cause security pros to fail. What works and what doesn't in achieving the best security results? If you call yourself a security professional, here are seven lessons you need to learn. I originally examined these lessons in a series of posts on my CSOonline.com blog, where you can find expanded thoughts on each problem and solution.

Problem #1: Security Is Thought of as a Disabler

Security professionals are often viewed as the party poopers. This threatens the credibility of every security consultant. Are you bringing problems or offering solutions? Are you viewed negatively by the business?

Take cloud computing, for example. The technology world is rushing into the cloud, but while thousands of positive articles are being written about the ROI and transformational aspects of new cloud architectures, the security world is busy printing articles about why the cloud is a bad idea.

Key #1: Become a Facilitator. So what can be done? Stop saying "no" to your customers! Offer secure solutions. Be an enabler. Tell them how you will ensure that their project is delivered on time, on budget and with the right level of security. Ask yourself whether the business sees value or roadblocks in your approach.

Also read Dunkin' Brands security focuses on making dough (Insider registration required)

Back in 2004, when I was Michigan's CISO, I was in the "no wireless" camp. I quoted many experts from the NSA and other three-letter agencies who said that wireless networks simply could not be protected. My boss at the time was Teri Takai, who's now California's CIO. She challenged me to deploy secure wireless, following examples from several companies. Teri's advice made me rethink my business approach. Over time, I became known as an enabler of new technology, and Michigan won awards for our secure wireless networks.

Continue Reading

Originally published on www.csoonline.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Gartner report, Best Practices for Supporting 'Bring Your Own' Mobile Devices
Download this complimentary Gartner report, Best Practices for Supporting 'Bring Your Own' Mobile Devices, and learn approaches organizations have used to address these challenges and how virtual desktops make applications more secure and supportable in a BYO world.
Competitive Analysis of the Global Software License Management Market
Learn how to maximize control and minimize loss with SafeNet, the company that Frost & Sullivan named the "clear market leader" in software license management.
Creating Community Within Your Business Partner Network
Learn how you can connect with customers and suppliers for business-to-business e-commerce more affordably with SAP Information Interchange OnDemand. Using prebuilt profiles, you can make changes within your supply chain quickly using a minimum of your valuable resources.
SAP Customers Move to Managed Cloud Services to Cut Costs and Improve Efficiency of B2B Integration
Changes in business objectives and advances in technology compel many businesses to reassess their B2B integration capabilities to seek further process efficiency. We find that very few enterprises make a large change to their B2B integration process for a single reason; instead, multiple factors combine to create the need for change.
Defining the 21st Century Sales Person
Do you know what seller types you have and what it takes for them to succeed? Online information sources and social networks have made basic product information and recommendations so readily available and ubiquitous that the role of the 21st century salesperson is now more so than ever defined in terms of his or her ability to add value to the customer.
Enterprise Mobile: Expectations and Expertise
Enterprise mobility: Most IT leaders say it's transformational, strategic. But only 18% said in a recent study that they have a comprehensive strategy for mobility. The problem: Lack of expertise, time and resources, among other issues.
Webcasts »
Mobility KnowledgeVault
How "mobile ready" is your infrastructure? This Mobility Knowledge Vault provides a wide variety of expert advice on how to strike a balance between end user ease-of-use and security. Prepare your organization with primers on data encryption and user authentication, device disablement and devising an employee-liable device strategy that makes both IT and users happy.
Make Every Rep a Sales Hero with SAP Sales OnDemand: Webcast
This Webcast introduces the business challenges facing sales today, and provides an overview and demonstration of how SAP Sales OnDemand can be used to address those challenges.
SAP Business ByDesign for Subsidiaries: The Best of Both Worlds
In just 3 minutes, discover how the cloud-based SAP Business ByDesign solution delivers the comprehensive business management software your subsidiaries need, and the streamlined data integration your parent company wants.
Join the Exclusive CIO Confidential Networking Group
Learn from and Network with Your Peers with CIO Confidential
CIO Confidential: Using Strategic Communications for Project Success
The role communications can play in the success of projects.
Whiteboard Presentation: Transform the Internet for Enterprise Applications - No Hardware, No Software, No Code Changes
Watch this whiteboard presentation to learn how to transform the Internet for enterprise applications with no hardware, no software and no code changes.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Gartner report, Best Practices for Supporting 'Bring Your Own' Mobile Devices

Competitive Analysis of the Global Software License Management Market

Creating Community Within Your Business Partner Network

SAP Customers Move to Managed Cloud Services to Cut Costs and Improve Efficiency of B2B Integration

Defining the 21st Century Sales Person

Enterprise Mobile: Expectations and Expertise

Proven strategies for uncovering cost savings with IBM DB2

Refreshing the Mobile Infrastructure

Is Your Infrastructure Mobile Ready?

SMB's and the Consumerization of IT

21st Century Sales Warrior's Guide to Social Selling

The SAP Acquisition of Crossgate Has the Potential to Rock B2B Markets

The Opportunities and Risks of Multi Tier Supply Chains

Collaborate and Connect with Business Partners for Commerce

Work Smarter. Sell Better. Win More. A Solution Designed for the Way You Sell

SAFECHEM: Implementing SAP Solution Saves Chemical Company Time and Money

The Best of SAP Software Tailored for Subsidiaries

Abderdeen Insight: SaaS and the Multi-Tiered ERP Strategy

Workforce Planning for ERP Success

Strategic Communications Secrets from a Vice Chief of Information
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Master the cloud with the power of convergence from HP

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Click to see how Accenture has delivered high performance to clients

Complimentary Gartner Report on BYOD: Media Tablets & Beyond. View Now

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords