Guide into Effective Security Management

After 10+ years in IT and 5+ in InfoSec I’ve learnt that for security initiatives to be effective, security must be one of the core values of corporate culture.

Security professionals can’t achieve their greatness if they’re not being actively supported by all stakeholders across the entire organization and if other employees don’t feel ownership for the organization’s security/safety. Each time I have joined an organization, where security professionals wanted to do everything themselves, they miserably and painfully failed shortly after.
Fighting a broken security culture without any support from the top leads to burnouts for InfoSec folks and creates general anxiety, irritation and a toxic atmosphere within an organization.

Hiring your first security professional

I really enjoy attending security/business conferences. But it’s not that I go there to learn how to do security, because if that were the case I’d go to DEFCON or Derbycon and learn from the top hackers on the planet. I go to business conferences because I want to listen to the problems others have and observe the way they’re approaching them.
One problem I have seen continuously since, pretty much, forever is the struggle of starting an internal security department. Is it really that hard? Maybe, but how do you know if you keep the same approach and attitude and make the same mistakes all over again? If your approach doesn’t work, maybe give this one a shot.