Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

What Has Cybersecurity Pros So Stressed -- And Why It's Everyone's Problem

As cyberattacks intensify and the skills gap broadens, it's hard not to wonder how much more those in the industry can take before throwing in the towel.
1 of 2

Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
10/30/2019 | 1:07:10 PM
It's Not the Bad Guys Who Are the Biggest Problem in Security
While all of the points in this article have validity - I can tell you what the biggest stressor is for many cyberpros. It's not coming from the "outside" - it's coming from the inside of corporations. Cyber people can deal with the criminals and even the hapless users who are human and make mistakes. They may be an annoyance - but we have the know how and can address those risks.

They're not the biggest problem.

The real stress is coming from C-level people who are more interested in speed than in (honestly) keeping their organization secure. It's the utter hypocrisy that allows lip-service to say  "we take security seriously" publicly - but starves the security team of the basic resources they need to do their jobs. (Case in point: I am an appsec architect, but there is no money for code assessment/scanning tools. I'm supposed to do it all manually, I guess. And, of course, that is impossible.)

The problem, of course, is that the above attitude rolls through the organization. It's the "security" meetings you don't receive invitations for (even though you're the only rep for security in the entire company). It's the decision to use a vendor before security reviews are even requested - because the CEO "knows" somebody. It's the request to review an vendor or an application immediately - because "we're going live tomorrow". It's the formal processes that you finally get into place, that are ignored. It's the issues you raise on a Slack channel that mysteriously go "private" when you inject that security should really be involved in the issue...and then comes back three days later "solved". It's lurking on Slack channels just to discover that four new vendors are being brought on board that you've never heard of. . .

I could go on and on. 

In other words, let us do our jobs, give us more than lip-service as support, fund us - and we will deliver and perform and be very happy.

But, create an environment like the above - and expect us to start looking for a company that does value our skills, experience and expertise. Because that WILL reduce our "stress".

[email protected],
User Rank: Apprentice
10/24/2019 | 9:50:02 AM
Pretty much summarized the true nature of current tech industry
THANK YOU for publishing this article. You have pretty much summarized what's going on in the Information Security world. While there are some notable exceptions, this is our story in almost all business. Unfortunately, the management from "Business" who SHOULD be reading this article will likely not get to read this.

Another trend I have been noticing is that there are currently a lot of 'new' security-minded people suddenly being born. 'Product sales manager' suddenly becoming 'security sales expert,' 'Business liaison' to 'security liaison,' 'project manager' to 'security guru'... list goes on and on. It would have been beneficial for the future of business and our industry if all these people with new security title learned about their job before starting to talk about it in front of any C-suite team.

Well, I am already getting tired of seeing the show-off both online and offline; enough that I have erased most of my security-related skillsets from online profiles.


Post-Pandemic Presentation Plans

Source: J4vv4D

We'd love to hear your ideas, too! Add them the Comments section, below.

What security-related videos have made you laugh? Let us know! Send them to [email protected].

Name That Toon: The Lights Are On ...
Flash Poll