The traditional way of finding IT talent – poaching already skilled security engineers from other companies – isn’t sustainable, said Robb Reck (@robbreck), Director of Information Security at Pulte Financial Services. If you want more security talent, you have to find people with aptitude and train them. It’s going to be less expensive and it’s sustainable.
“You can make a secure environment without going and buying all of the things our wonderful sponsors (at the RSA Conference) back there are selling,” said Reck. “But you have to have the right people running them, keeping an eye on it, in order to keep the environment going.”
At the 2014 RSA Conference we repeatedly heard that security is a combination of technology, people, and processes. Most people we spoke to said there’s been far too much focus on technology. You have to focus on the people and processes, and create support for the tools you already have and architect an environment that’s self-sustaining, said Reck.
- Developing Your Cyber Intelligence Analyst Skills
- IT Security Skills Anyone Can and Should Learn
- 20 Critical Security Controls: Control 9 – Security Skills Assessment and Appropriate Training
- Tony Vargas on Security Awareness Training in the Enterprise
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock