Wednesday, September 19, 2018

...work the CIS top 20 like a BOSS!...



There is no Information Security "labor shortage"; there is a lack of understanding of the challenges, and a lack of level-headed, business-driven focus on success.

OWASP, OASIS, NIST, CIS, SANS, ITIL, COBIT... these are our role models, our mentors, our "Avengers", our "S.H.I.E.L.D.".

Vendors that drive the hype cycle are just that: salespeople. None of them knows your challenges like you do. Identify your risks and work the list relentlessly, each and every day. Share the list with your teams, get their input and insights, make it a shared concern, and empower them.

For my labor dollars, I look to my IT department for recruits. They already understand Information Security and risk, just not the lingo. My training and recruitment dollars are better spent bootstrapping internal IT team members into INFOSEC... that "solves" any perceived shortage.

It's a fact: sysadmins make great INFOSEC pros.

The next step is to truly KNOW the current state and the desired end state, and then to do and measure what is truly important, not the shiny penny of vendor-hype-driven security.

Stop playing INFOSEC Whack-a-Mole... Work the CIS top 20 like a BOSS!

Labels: Center for Internet Security
