Connect with us

Hi, what are you looking for?


Management & Strategy

Security Execs Say Next-Generation Security Teams Need More Than Tech Skills

A new report details advice from some of the world’s largest companies on building a next-generation information security firm.

A new report details advice from some of the world’s largest companies on building a next-generation information security firm.

The report was released today by EMC’s RSA security division and features advice from the Security for Business Innovation Council, a group composed of executives from Global 1000 enterprises, including JPMorgan Chase and Nokia. The report argues that information security teams must evolve to encompass skills not traditionally related to security such as business risk management, marketing and law.

“The information security mission is no longer just ‘implementing and operating security controls’, but has evolved to include advanced and business-centric activities such as: business risk analysis, asset valuation, IT supply chain integrity, cyber intelligence, security data analytics, data warehousing and process optimization,” the report notes. “There are many new skill sets required so a significant challenge in building an effective team is the shortage of professionals with the right skills.”

To help organizations get started on building the right team, the council offers seven pieces of advice:

  • Redefine and Strengthen Core Competencies – Focus the core team on increasing proficiencies in four main areas: cyber risk intelligence and security data analytics; security data management; risk consultancy; and controls design and assurance.
  • Delegate Routine Operations – Allocate repeatable, well-established security processes to IT, business units, and/or external service providers.
  • Borrow or Rent Experts – For particular specializations, augment the core team with experts from within and outside of the organization.
  • Lead Risk Owners in Risk Management – Partner with the business in managing cybersecurity risks and coordinate a consistent approach. Make it easy for the business and hold them accountable.
  • Hire Process Optimization Specialists – Have people on the team with experience and certifications in quality, project or program management, process optimization, and service delivery.
  • Build Key Relationships – Develop trust and influence with key players such as owners of the “crown jewels,” middle management, and outsourced service providers.
  • Think Out-of-the-Box for Future Talent – Given the lack of readily available expertise, developing talent is the only true long-term solution for most organizations. Valuable backgrounds can include software development, business analysis, financial management, military intelligence, law, data privacy, data science, and complex statistical analysis.

“For this transformation to be successful security must be seen as a shared responsibility that requires active partnerships to manage the inherent risks to the business in the ever-evolving threat landscape,” said Art Coviello, executive chairman of RSA, in a statement. “It is imperative that organizations can develop a security team with the right expertise needed to get the job done.”

The full report can be read here.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.