01 Jan Aim of this Space
Hey! My name is Diane, and this is my very first blog post on Strategic Security by Diane. In this post I would like to talk about why I have created this space, and what I would like to share through it. My posts will include opinion pieces about information security; risk management; and leading infosec professionals.
Having worked in information security and related areas, for the past couple of years, I wanted to start sharing my experiences in implementing and advocating for information security in organisations. I will talk about creating a security program from scratch. I will write about iteratively improving the security maturity within organisations, or at least how I’ve done it – what I would do all over again, and what I’ve learnt to avoid next time round.
I will share how I applied the knowledge I gained through a masters in IT management and organisational change, when managing changes in business processes to integrate security controls. I do believe this knowledge really equipped me in reducing resistance to change, which is usually a regular encounter for security professionals trying to convince business to think of security.
My posts will talk about the need for information security risks to be treated as a business priority, and the security team treated as a business partner. This is a concept that needs to be continuously sold by security professionals to business leaders, and a critical driver of this point is structuring a team that reflects the business model and its operations. In my blog I will discuss how I went about structuring a team of security engineers and officers, to meet the business needs and what I do believe a good security leader (or any leader) should focus on to build and support a high-performing team.
I will discuss the need to understand the critical business processes, what is required to keep the business running and what is needed to make the business money, and then building a team to protect both.
As a security professional and leader, I am still learning and growing every day. I am working on managing myself, celebrating my successes and learning through my failures. I am excited to share my experiences, good and bad, in this blog – hoping they can be of some help to anyone going through similar situations!
If you have any questions, or you would like to discuss/agree/disagree with anything – feel free to leave a comment or email me on firstname.lastname@example.org
In the meantime I would like to note that any and all posts are a reflection of my personal opinion and in no way reflect or are related to my employment.
Be back soon with my next post..! In the meantime, wishing you a Happy New Year 🙂