Communication – The Forgotten Security Tool

This article provides tremendous advice concerning a vital component of IT security often overlooked and ignored.  To simply state the obvious – communication is key.  Yet, in the world of IT security, we very quickly get lost in a sea of technical jargon and alphabet soup acronyms.  Technical speakers often get their audiences lost in the weeds of the “how’s” and “why’s” a security control is needed or a risk is eminent, yet those same speakers never realize anyone is lost because they alone hold the map and never look back.

We as IT professionals need to understand our audiences and their capacity for understanding and reason.  Technical controls and eminent risks should be translated into real world examples and practical analogies.  We need to be succinct, clear, and timely in our comments.  We need to choose our conversational battles and not find ourselves perpetually holding an umbrella while ranting as the sky falls around us.

And above and beyond all of these things, we need to shut up from time to time and truly listen.  We need to hear what management teams and end users have to say.  We need to ask for and receive with a decent modicum of humility constructive criticism about what is working in the security practice and what might be a significant hinderance to business success.  There is always more than one way to tackle a problem, and though many of us have our favorite ways of doing things, those favorite approaches do not hold exclusivity when it comes to what is right for any given business environment.


Most Orgs Worried Skills Gap Will Leave Them Exposed to Security Flaws

Interesting statistics…change is inevitable.  Skills must grow and change and adapt to meet the demands of IT growth and consumer demand in these spaces.

Healthcare challenges: Ransomware and the Internet of Things are the tip of the iceberg

This article does a wonderful job shining a light on the void that exists between true security and an understanding of what it takes to be more secure in the healthcare industry. I agree that risk management, a construct fairly familiar to healthcare providers, is a great starting point.

10 Respected Providers of IT Security Training

I am a user/participate/member of several of the organizations on this list and I can honestly say there is tremendous value in this content.  Continuing education is absolutely vital to the success of IT Security professionals the programs they oversee.  Please review and take advantage of these resources.