New (And Not So New) Roles in Security

It’s Not Just About Engineers

Helen Patton


Every security leader is required to build a security team that can manage an organization’s security risks and requirements. Historically, that has meant hiring security engineers, architects or technical analysts. After all, security is a technically driven profession.


It’s true to say that technical resources (that is, folks who build, maintain, or assess information systems) are needed to run an effective security organization. But a leader who only hires for these skills and roles is missing important elements of a well-rounded and future-focused security program. Here are some roles to consider hiring (or finding elsewhere):

Compliance Operations

When building a security strategy, most organizations start with the things they must have, aka compliance. But rules and regulations are tricky things.

First, the regulations often leave room for interpretation, which means you can’t just take a list of regulations and magically know how to apply them in your organization — someone must interpret the regulations against your technology stack, your operational processes, and your organization’s risk tolerance. Lawyers can help but typically don’t have the technical expertise to do this work.
