If you’re a security professional who’s regularly telling IT and the business side what they’re doing wrong with security, you’re doing it wrong.
That’s what John Peronti, president of IP Architects LLC, told attendees at Interop New York last week. “They have no incentive to spend time with you if you [only] tell them what they are doing wrong,” he says. Security pros should serve as risk advisers to the company, he says.
“As security people, we are better at talking about threats and vulnerabilities than we are about risk,” Peronti said. But it’s time to shift that mindset, he says, and to embrace the security risk profile approach.