Rethinking Cybersecurity’s Structure & the Role of the Modern CISO

Effective cybersecurity operations are as unique as the business models and technology choices of the companies they protect. Their creation and management are constantly complicated by the lack of a common terminology and a common set of expectations, due mainly to the chaotic path our industry has taken since its relatively recent birth.

Cybersecurity leaders are similarly difficult to measure and understand because our language and their capabilities aren’t clear, with the lack of a common nomenclature further reflected in the assessment of skill sets and qualifications. The mix of cybersecurity complexity, opaqueness, and urgency creates a vague picture of who can successfully lead and hold responsibility for the operation.

The relative immaturity of the cybersecurity function leaves insufficient organizational precedent for titles and hierarchy. Some organizations default to practicality: whoever runs IT or the help desk becomes the security leader. Others are interested in hiring a chief information security officer (CISO) who will manage the details of security that are unfamiliar to all other business leaders. Neither of these approaches is healthy.

The popular narrative around security is dominated by images of fear, uncertainty, and doubt. We’re led to believe security is terrible, that breaches are inevitable, or that the right leader can render the organization invulnerable. This kind of absolutism usually comes from those new to the space who aren’t yet well-versed in security. It’s pervasive, it’s incorrect, and it breeds insecurity for both the organization and the individual. 

According to one report, stress (60%) and burnout
