When thinking of the security team, a common misconception is that it is made up of a group of ninjas who can defend the enterprise with the click of a button, before anyone has even noticed anything is wrong. In reality, the IT team works in a similar way to others in the enterprise – nothing happens if budgets and corporate strategic goals aren’t met.
For example, the role of the ‘budget ninja’ is to gather, organise and assign resources amongst the IT team. We are living in an interesting but challenging time of innovation as new technologies, such as cloud computing, IoT and blockchain are maturing and becoming usable and beneficial to businesses. However, when it comes to thinking about wider business priorities when on a tight budget, the ‘budget ninja’ would play a vital role allocating often overlooked resources to network monitoring, alerting and troubleshooting software, as a single breach to the network could result in a huge hit to the bottom line.
The Risk Guru
Back around the turn of the millennia, we had professional risk managers whose job it was to assess technical equipment, systems and software, and assign a monetary value of risk to the business. They would calculate the cost to the business if that particular piece of equipment was susceptible to Y2K, was hit by a virus, was hacked, or went down.
Three years ago I would have written, “I’m not saying that a cyber-attack is inevitable and therefore we should prepare for the worst”. Now however, I regularly remind CIOs that a cyber-attack is inevitable and therefore they should prepare for the worst. Putting a monetary value on a potential data breach or breakage beings the costs and value of the IT security team into business calculus guides effective security investments in the future. Once an old-fashioned approach, this method drives critical clarity as we reach new all-time highs when it comes to data breaches. Therefore, a crucial element of any IT security dream team would be a risk guru so you may educate the rest of the business how important cyber security is. The Mad Scientist
It’s all well and good being rational and reasonable with your dream requests for the security team, however we definitely need someone who isn’t bogged down in the day-to-day and instead is predicting the future, imagining the unimaginable and thinking the unthinkable – the Mad Scientist.
With the IT team spending the majority of its time keeping everything running smoothly, as an organisation it can often be hard to assign resources to focus on research and development. If you even occasionally free one person to researched future trends, and develop plans on how to train the team on the latest security technology, IT as a whole can evolve and upgrade security processes, response plans and equipment as a part of their day-to-day activity.
The dream could become a reality…
The current business and technology climate is extremely fast moving, and sometimes we can all get caught up in the rush of it. The makeup and investments in IT security team has never been more important to your businesses, and insuring it receives thoughtful investment in order to keep critical data private and secure should be more than a fantasy.
By stepping back and having a think about ‘the dream team’ scenario, IT pros may find that a security dream team isn’t actually unobtainable. Instead, with a little organisation and delegation, you can deliver a business win management might almost like as much as a VIP passes to championship matches.
