What do you wish security professionals would start/stop doing?

Security & GRCSecurity Operations Center (SOC)
4.2k viewscircle icon2 Upvotescircle icon6 Comments
Sort by:
Director of Technology Strategy in Services (non-Government)4 years ago

Start talking about what security enables an organsiation to do, rather than trying to stop the org from doing anything.

"We have a a CASB, this means we can allow access to tools you need to do your job"

"We have SASE, this means we can enable remote working with fewer controls"

and so on

Lightbulb on3
Director of Information Security in Manufacturing4 years ago

STOP thinking about security as some kind of super exclusive club, where you need to have a kazillion certifications to even get started into a career. Most of it is common sense and can be learned by doing!

Lightbulb on4
Principal Information Security Officer in Education4 years ago

Stop spreading FUD (Fear, Uncertainty and Doubt) to get increases in budgets and head count (rather than using real metrics, historical quantifiable risk data and fact-based evidence).

Lightbulb on3
Director Of Technology in Education4 years ago

Stop acting like they have a law enforcement background. Unless the security professionals have genuine experience at the CIA, FBI, or NSA it’s often a bit of an dog and pony show that turns off the audience. Be approachable rather than appearing knowledgeable.

Lightbulb on2
Head of Information and Data Analytics in Software4 years ago

I am absolutely passionate about both AI and cybersecurity, and the community. There's quite a few opportunities in terms of building a community around cybersecurity, where for the most part, things have been siloed and more so the enterprise-centric old way of doing things. Obviously, as you just catch up, the world keeps changing. With the amount of change that is happening, it's hard for everybody to stay up to date. So I have a few thoughts in terms of creating a community for incident responders. Like we have tried with threat intelligence. It was good, but that's not actionable. So when we talk about specific incidents and sharing that knowledge among peers, that is actionable, which makes more sense.

Content you might like

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

Read More Comments

Is anyone leveraging Red Hat OpenShift to replace VMware as a hypervisor offering, and if so, any migration lessons learned to share for those going down that path?

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results

We implemented Oracle HCM recently including Redwood.  Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

Are you active on Discord?

Very active10%

Occasional user49%

No, but I want to be13%

No, and I'm not interested21%

What is Discord?4%

View Results