Essentials of CyberSecurity is a crowdsourced ebook written by @Peerlyst community. I wrote the chapter ‘Building corporate security culture’ with following preface, which should give you a solid context for the message I tried to convey in my article.
All those years in InfoSec taught me that for security initiatives to be effective, security must be at the core values of corporate culture. Security professionals can’t achieve their greatness if they’re not being actively supported by all stakeholders across entire organization and if other employees don’t feel ownership over organization’s safety. Each time I joined organization where security professionals wanted to do everything themselves, they failed miserably short after.
Fighting with broken security culture without any support from the top leads to burnouts of InfoSec folks plus creates general anxiety and irritation within an organization.
I’m proposing here a list of activities I found to be the most effective and productive in my security career. Unfortunately I’ve had to go through painful path, so by sharing all these with you I hope you will learn from my mistakes and avoid them in your career to become more effective without burning out your passion, health and relationships with co-workers. All of the things listed below are not some sort of theories, but activities that were successfully executed by someone who made his hands dirty and applied them to real life businesses.
Understanding these concepts will enable you to see bigger picture and gain richer point of view, but please see this as an inspiration and hints instead of rigid set of raw rules. I’m giving you a food for thought which you need to thoroughly consume and adjust to your organization and your personality.
In order to provide you as much value as possible, I created a bunch of subsections with brief and practical explanation, so it’s more generic and can be applied to wide range of individual situations. Enjoy!
Because of comprehensiveness only part of my writing had been put into the book. For continuation please see: Ebook chapter continuation — Building security corporate culture by Dawid Bałut
The ebook has been announced here: Second Community eBook: Essentials of Cybersecurity
It can be downloaded from here: Essentials of CyberSecurity.pdf
and you can also get it from Amazon if you wish: Essentials of CyberSecurity — Amazon
The book on Amazon costs $0.99. The proceeds of this book (those not going to Amazon) will be donated by Peerlyst to http://withoutmyconsent.org, an organization fighting online harassment.