Guide into Effective Security Management

After 10+ years in IT and 5+ in InfoSec I’ve learnt that for security initiatives to be effective, security must be one of the core values of corporate culture.

Security professionals can’t achieve greatness if they aren’t actively supported by all stakeholders across the entire organization and if other employees don’t feel ownership of the organization’s security and safety. Each time I have joined an organization where the security professionals wanted to do everything themselves, they failed miserably and painfully shortly after.
Fighting a broken security culture without any support from the top leads to burnout for InfoSec folks and creates general anxiety, irritation and a toxic atmosphere within the organization.

Based on my experience and research, I want to share with you a list of activities I have found to be the most effective and productive in my career so far.

Unfortunately I myself had to go through a painful path and made tons of bad decisions, so by sharing all this I hope you will learn from my mistakes and avoid them on your journey — to become more effective without burning out your passion, health and relationships with co-workers.

What differentiates this guide from many others out there is that the things listed below are not theories but actual activities, successfully executed by someone who got his hands dirty and applied them to real-life businesses, from small startups to multimillion-dollar companies.

Understanding these concepts will enable you to see the bigger picture and gain a richer point of view, but please treat this as inspiration and hints rather than a rigid set of rules.

I’m trying to give you food for thought, which you need to digest thoroughly and adjust to the culture of your organization and to your personality.

In order to provide as much value as possible, I’ll create a series of easy-to-consume articles with brief, practical explanations of each piece of advice, so that it stays generic and can be applied to a wide range of individual situations.

No romance, no idealism, just practicality — because we are out there to bring value to the business and help it make more money.


List of articles in the series:

Start small and early

Educate executives and middle-management first

Build credibility and learn business language

Outline SDLC/NDLC improvements

Make security simple

Embrace DevSecOps

Internal security trainings and awareness awards
