Invasion of the Techies

I’ve been working in information security for 15+ years and during that time I’ve seen quite a number of changes. We’ve gone from mainframes to cloud, brought internet and email to the masses, and data breaches are now making the 10 o’clock news. 

It occurred to me when I attended a security event recently how the security professional has also changed. We’ve evolved from corduroy-clad geography-teacher types with more hair sprouting from their ears than their heads to young, thrusting, pin-striped techies. Suddenly we’ve got more CISSPs than you can shake a stick at. We’ve been invaded!

Once upon a time in a galaxy not too far away, if you mentioned security and compliance to a techie they would run and hide in the server room and refuse to patch anything unless you insisted at gunpoint.

But despite all these techies and tech, as an industry we’re still not getting it right. If anything, there are more data breaches than ever, and companies are apparently spending more money than ever, but are they spending in the right places?

Don’t get me wrong, I think it’s fantastic that we’ve now got the techies on board (I’m actually a recovering techie myself) and that we’ve had all these tech advances. But I still can’t help feeling that we’re missing something. I think some organisations are putting all their eggs in one basket, forgetting about all the good GRC stuff and becoming too reliant on technology and security technology solutions.

Are the techies and security technology overshadowing the less glamorous and often cheaper governance, risk and compliance solutions?

At the first information security training course I ever attended, one of the first slides proclaimed “It’s not all about IT”, and I think this point has become even more valid. Whilst techies and security technology are critical to protecting our organisations, they are not the be-all and end-all and must work hand in hand with all of the other good GRC initiatives and solutions we put in place. We’ve got to have our eggs in lots of different baskets.

As an industry we need to go back to basics, and as organisations we need to get the balance right between technology solutions and good old GRC. These two must coexist; one can’t exist without the other if we’re going to move forward and protect ourselves from the new threats our organisations and industry face.

Most importantly, our techies have got to be able to talk human as well as cyber, and I would argue that we’ve got very few amongst us who can actually do this. But if we can add the tech to the GRC and then speak coherently to our clients, then this might be the solution to our problems and we might actually see fewer data breaches in 2019.

If you want to talk human, or maybe even cyber, then please contact us and we will be delighted to oblige!
