Thursday , 29 June 2017
Home » NEWS » EDITOR’S NEWS » Information Security FS 2014: “Run your security department like a consultancy”
Information Security FS 2014: “Run your security department like a consultancy”

Information Security FS 2014: “Run your security department like a consultancy”

Run your security department like your own consultancy, and the company as your customer.

Speaking at the Financial Services Information Security conference in London, information security and risk executive Jitender Arora said that the key to success is communicating effectively for a shared sense of purpose, listening to what is brought to the table and addressing failure as so often, we are scared of failing.

He said: “As security people, we can be successful if work within the business as our own entity, our own consultancy.

“How many understand what service we provides? Some say send emails, or reset passwords, and we ask do you know how to contact security department if need them? For three months we brainstormed on what services we were offering and produced a catalogue, but we have to be clear to explain what we are providing, as the CISO provides a service.”

He pinned it down to three areas: communicate, and determine what your strapline is and what services you offer, who are your customers when you produce the material; listen, as if you start listening in your own businesses as if you do not, you will not make enough money as you are in a comfort zone; and finally trust, as how many times do you think “have we done enough to get repeat business”?

“If we think of it as our own consulting business and the board as customers, and think ‘are we doing it right’, if the answer is yes then we have a better chance of being successful,” he said.

In a blog post on this topic, Arora featured a mindmap on the topic.

About Dan Raywood

Dan Raywood is the editor in chief of the IT Security Guru. A journalist with more than 13 years experience, Dan has been at the forefront of the information security industry.

As the news editor of SC Magazine he covered breaking stories such as Stuxnet, Flame and Conficker and the online hacktivist campaigns of Anonymous and LulzSec, and broke the news on the EU’s mandatory data breach disclosure law and a vulnerability which affected more than 200 sites.

Contact Dan on dan@itsecurityguru.org, by phone on 0207 1832 839