Security Policy Security Failure

Why Your Security Policies Could Be Failing Your Business (Security Intelligence)
For security policies to be followed, they must be known and enforced wherever possible and reasonable. If your users can’t follow your policies due to business process conflicts, or you can’t enforce the rules due to a lack of technology or another shortcoming you’re unwilling to mitigate, then you’re probably better off not having them at all.

4 Tips to Creatively Close the Information Security Skills Gap

4 Tips to Creatively Close the Information Security Skills Gap by Joan Goodchild (Security Intelligence)

In a competitive market for skilled candidates, Combs suggested it doesn’t hurt to take a dose of reality when it comes to your expectations for hiring. Begin by taking a hard look at your interview process.

“Most organizations have an interview process that is too long, with a lot of redundancy, and it’s low-touch,” Combs said. “They rely so much on technology for applications, but you can’t do that in security. It’s too sterile. If you want to be successful, then you need recruitment with real people who move quickly to communicate.”

Combs suggests testing your interview process so you know what the process is like as an outsider. The timeline should be a consideration, too. Investing time in finding the right person is OK, but it should be reasonable, Combs said.

“As long as you drag your feet, the candidate is going to have other options and ultimately may choose to go elsewhere. And in this market, they can,” Combs said.

Joan Goodchild offers creative tips for companies looking to hire and develop information security talent.

Why Security Skills Should Be Taught, Not Hired

Why Security Skills Should Be Taught, Not Hired (Security Intelligence)

We are in a state of deep technical debt in security, and there’s no hiding it. Almost all of the threats our peers were warning management about a decade ago are now the realities we face on a daily basis. Because security wasn’t seen as essential — and because the pipeline wasn’t created in colleges and universities — we’re facing a hiring shortage today. Perhaps most importantly, since no education can prepare a student for the real world, training is our only option to fix the problem.

Only a few organizations can afford to pay the salaries required to hire the top talent in our field. The rest of us need to train people internally and help our new hires develop the skills we need them to have. Using training and promotion as an incentive to hire and retain employees seems to be a logical solution — even if it’s going to take long-term planning to make it effective.