I’m fresh off of a couple of weeks of getting new data and new perspectives from “herds” of security people by spending time hanging around their watering holes.
For example, I spent some time at Black Hat, hearing from others on what they are doing to improve security. I have been spending time with a couple of ISACs (Information Sharing and Analysis Centers).
I have been lurking on a listserv of risk analysts to hear the latest views on infosec risk frameworks. And so on. Next month, I will be hanging around some different watering holes, this time in groups oriented toward and composed of C-level security executives.
The interesting thing to me is how little overlap there is between these groups, and how limited the “senior executive” involvement is in these groups. This feels like a missed opportunity to me.
In a sense, I think this is an echo of the problem I talk about all the time here: there’s a big gap between the “doers” and the “suits” in the business. They don’t always know how to talk to each other, and neither seeks out opportunities to listen to the other group.
Unlike the watering hole analogy though, these groups don’t have a hard & fast predator/prey relationship, so we should be able to solve this.
As someone who’s watching each of these crowds, it feels like we’re missing the opportunity to cross-pollinate information between these groups. I don’t know how to solve that, but am interested in hearing your thoughts – especially if you know of examples where this is working.
I’d love to hear from you.