Although the media hype around large-scale security breaches and the unprecedented growth of cyber espionage is at an all-time high, there is still a fundamental disconnect between the conversations among security vendors pitching corporate boards and the real-time, front-line culture of the security professionals tackling threats every day.
While every part of the industry has a unique view to offer on security and business risks that will be highlighted on corporate board and C-level agendas, as a CEO, I lead an organization that protects more than a million users around the world, working at customers of all sizes. Having seen executives and security professionals work around the clock to stay ahead of today's scorching barrage of cyberattacks, especially over the course of the global pandemic, I am convinced there is something fundamentally broken with the mainstream approaches to cybersecurity today. And I believe the lack of unity — in the solutions we offer as an industry and the culture we set for our security teams — is greatly responsible for these shortcomings. From the C-suite to the security team, from vendor to customer, this lack of alignment is detrimental to a successful and productive security strategy.
Unity Can Accelerate Innovation
While we are seeing security companies valued at an all-time high, experts are already ringing the warning bells that market corrections are coming that will winnow the field. We've seen massive market disruptions and consolidation occur in the past two years, displacing vendors that have reigned in those markets for decades because they couldn't keep up with the pace of attacks and ultimately meet customers' needs. No industry is immune from the innovation dilemma, especially not the security industry.
I believe that security companies truly able to continually capitalize on tailwinds will be those that manage to build a unifying internal culture that promotes high-functioning teams. Yes, internal culture in the security industry remains a highly overlooked area of business that only leaves us less prepared, even hampered, in the fight against highly motivated attackers.
While most security vendors are laser-focused on technological development, R&D, and rolling out new solutions each quarter, it's easy to forget that we have people on the other end of the line who are making all this magic happen. In reality, many industry leaders miss the opportunity to unify their teams around common values, better working practices, collaboration, or professional growth. Instead, we have a burn-and-churn culture in the security industry, and we expect humans to run as fast as machines, if not faster, often with little or no personal reward.
These practices are hurting our ability to deliver ongoing innovation and outpace the adversary. In an environment where speed is of the essence to prevent a breach, it's just as important to slow down and recognize that you have to build a culture in which security practitioners can grow, thrive, and be challenged in a positive way. Otherwise, you risk slowly trailing behind on your promise to customers and losing the competitive and market steam needed to tackle the big problems in cybersecurity.
Culture of Unity Among Cybersecurity Pros
One of the biggest challenges in cybersecurity today is the lack of talent. Across the security market, we see pervasive skill gaps, especially as we look to advanced new fields such as cloud security, artificial intelligence, and zero trust, among others. In addition, customers routinely struggle to properly resource their teams, leaving security professionals overwhelmed by alerts and their businesses vulnerable to attacks.
What compounds this problem is the industry churning out and marketing new tools, gadgets, and solutions at breakneck speed, all promising to single-handedly solve the cybersecurity challenge. This "shiny new toy" symptom ends up creating complexity, fragmentation, and confusion. Although threat vectors continue to merge and evolve, most security solutions remain focused on a single attack entry point, with no overarching view of owning the outcome or the operational aspects of security for the customer. As a result, they create further strain on organizations' tight resources and stretched talent.
It's time to redefine how we solve these immense security challenges and promote a new paradigm that champions a unified approach to security operations. This can mean resisting the urge to add the latest shiny new technology or to dive into yet another three- or four-letter acronym trend. Instead, organizations should focus on truly understanding what those fundamental security building blocks are that will strengthen your program across the board and how to build partnerships with security vendors that will actually advance your security journey.