Information security skills must include communication, says Dorey

By Ron Condon, U.K. Bureau Chief 29 Apr 2009 | SearchSecurity.co.uk

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

Paul Dorey, the keynote speaker on the second day of the Infosecurity Europe conference, has held senior security roles in banks and most recently at the global oil company BP Plc., and is now chairman of the Institute of Information Security Professionals.

For more Infosecurity Europe 2009 news Get the latest news and interviews from the conference floor. Check out our live coverage of Infosecurity Europe 2009.

At the Infosecurity event, hosted in London, Dorey explained why security professionals will need to adapt their manner and language in order to deal with different groups of people in their organisations.

"We are entering a time when IT security people are going to have to move from being merely advisors to the business to real professionals whose views are listened to," he said. As IT supports every aspect of life, security breaches become potentially life-threatening or disastrous for their organisations. Just as bridge designers and structural engineers work to common and consistent standards and are therefore respected, he said, so security professionals should command the same level of respect.

For that to happen, security professionals need to communicate effectively with a wide range of disciplines – including audit, risk assessment and compliance, IT and engineering. "They need to be like chameleons to fit into those disciplines," he said. "You may not become an expert in them all, but you must at least don the facade. ... Get some mentoring to help you understand them."

Don't miss need-to-know info! Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.co.uk and you'll never be behind the curve. Read more about data protection topics on SearchSecurity.com Connect with your peers to ask and answer data protection questions on ITKnowledge Exchange

Dorey predicted that many new threats will come in the physical infrastructure that increasingly depends on microcontrollers, or computer systems-on-a-chip, which are still largely ignored by the security world. The integrity of those physical assets will become increasingly important, hence the need for a greater appreciation of engineering.

Most of all, he urged security people to be business-like in their approach. This means thinking of the business context and relevance of whatever they propose; setting realistic priorities; working to influence people; managing change; being convincing in the boardroom, and showing leadership.

"I'm pleased that security people are now going on MBA courses. We ought to send more people for that kind of training," he said.

And to be really effective, he added, security should make things happen rather than try to block them. "Their attitude should be, 'You tell me what you want to do, and I'll show you how,'" he said.

Tags: IT Security Jobs, Careers and Certification Training,  Security Policies and User Awareness,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT Security Jobs, Careers and Certification Training UK IT security survey: Infosec pros lack formal qualifications Latest UK information security salary survey notes sharp pay increases Data security in financial services, IT security jobs in UK on the rise SSC announces PCI-certified internal auditor course for PCI assessment Report: Symantec set to buy VeriSign security unit VeriSign to sell authentication unit to Symantec for $1.28 billion Britain launches Cyber Security Challenge to find new infosec talent Information security salaries start to rise, recruitment rebounds Upsurge in infosec jobs for 2010 Salary research shows upturn for those who know how to sell security Security Policies and User Awareness Company files at risk of employee data theft Employee security training for Data Protection Act compliance Spy recording devices can be thwarted by portable USB security policy Background employment screening decreases insider threats, study says Risk management in information technology Information security awareness lacking in laptop users, according to study Kent company offers 'low-tech' hard disk destruction product Survey: Compliance efforts drive security, but may not produce results Using resource allocation management to prevent DoS and other attacks Cloud-based services require stalwart business continuity plans

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary IISP (Institute of Information Security Professionals)  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary