If you’re a security professional who’s regularly telling IT and the business side what they’re doing wrong with security, you’re doing it wrong.

That’s what John Peronti, president of IP Architects LLC, told attendees at Interop New York last week. “They have no incentive to spend time with you if you [only] tell them what they are doing wrong,” he says. Security pros should serve as risk advisers to the company, he says.

“As security people, we are better at talking about threats and vulnerabilities than we are about risk,” Peronti said. But it’s time to shift that mindset, he says, and to embrace the security risk profile approach.

SOURCE: darkreading.com