Access your Pro+ Content below.
The must-have skills for cybersecurity aren't what you think
This article is part of the Information Security issue of August 2019, Vol. 20, No. 3
What comes to mind when you think of information security? I'm guessing it's technical stuff like firewalls, passwords and encryption, and the incidents and breaches they help prevent. After all, these are the core security components that seem to get the most attention -- both positive and negative. They're a significant part of the equation, but these "solutions" aren't representative of a fully functional information security program. Money is spent, classes are taken and metrics are measured on products. But that's not where the real security issues lie. For its defense efforts to be effective, organizations must have on staff persons with specific 'soft' skills for cybersecurity. Many of the greater security challenges include things that no one discusses: weak leadership with limited buy-in; lack of financial support; business culture that fosters mediocrity; users making their own decisions; and technical staff unable to get their points across. There are hundreds, likely thousands, of vendors with products and services ...
Features in this issue
IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.
IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues.
Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication.
News in this issue
IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle.
Columns in this issue
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way.
The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change.