New (And Not So New) Roles in Security
It’s Not Just About Engineers
Every security leader is required to build a security team that can manage an organization’s security risks and requirements. Historically, that has meant hiring security engineers, architects, or technical analysts. After all, security is a technically driven profession.
It’s true that technical resources (that is, folks who build, maintain, or assess information systems) are needed to run an effective security organization. But a leader who hires only for these skills and roles is missing important elements of a well-rounded and future-focused security program. Here are some roles to consider hiring (or finding elsewhere):
Compliance Operations
When building a security strategy, most organizations start with the things they must have, aka compliance. But rules and regulations are tricky things.
First, the regulations often leave room for interpretation, which means you can’t just take a list of regulations and magically know how to apply them in your organization — someone must interpret the regulations against your technology stack, your operational processes, and your organization’s risk tolerance. Lawyers can help but typically don’t have the technical expertise to do this work.