Cybersecurity is a People Thing, Not Just a Technology Thing
Written by Industry Expert & Quadrant Director of Managed Security Services, Josh Copeland (connect)
Opinions for this series are solely those of Josh and do not necessarily reflect those of Quadrant Security.
--
The title of the post leads to my rant of the day: TRUST. In an industry where “zero trust” (a buzzword and rebranding of the decades-old "least privilege") is plastered on exhibitor booths and vendor collateral; one of the most critical things you can do may sound counter-intuitive: TRUST your people. We are hiring great talent, and we need to trust them. Let's dive into this more deeply...
I'm going to cite the Australian Council of Professions here, because I love how they describe it:
"A Profession is a disciplined group of individuals who adhere to ethical standards and who hold themselves out as, and are accepted by the public as possessing special knowledge and skills in a widely recognized body of learning derived from research, education and training at a high level, and who are prepared to apply this knowledge and exercise these skills in the interest of others."
Cybersecurity, by that definition, is undoubtedly a profession -- and as such, comprised of professionals. The ethics piece is especially important, as that is a cornerstone of cybersecurity. Yet, I often hear of highly-trained and talented professionals being hamstrung in doing their jobs because of... a lack of trust.
Why hire great talent and nerf them, rather than let them be the professionals you are paying hefty sums of money to provide a highly-technical and specialized service? You hired them because they have the education, the training, the experience, the certifications, etc. Let them deliver on what they can do.
That isn't to say that there shouldn't be checks and balances; after all, that is what good GRC does!
The bottom line: If you hire great talent but feel the need to micromanage qualified professionals, you are probably the problem in your organization, not the solution.