by RobPomeroy
2208 days ago
I'd add to this list: try to understand the commercial context of your organisation (or altruistic context, for non-profits). Other than security vendors, orgs don't exist for the purpose of security. So learn how infosec can add to the org's mission. That may be through controlling risk, differentiating your org from others ("Hey, we have ISO 27001!") or, if necessary, ripping out and eliminating expensive security snake oil. Also (and this applies to any job in any organisation): try to understand pain points higher up the organisation. E.g. does your board struggle to justify infosec spend, since they can't measure its value/ROI? Then develop some metrics and report on them! (Perhaps start by learning about ROSI, in that case.)