Are you waiting for the next Gartner Security Report, making plans to evaluate some technology your CEO might not approve after she slashes your funding and maybe your job?
As a security professional, you can blame hackers, buggy software and the economy – or you can do something different.
“Life is what happens to you while you are busy making other plans.”
7 steps you can take right now to improve security in a slow economy
1. Do not buy security technology, Add business Value.
Many companies equate information security with information technology. This is mistake. Do not buy . . . instead add value. Take your existing security products and services, create something new and offer it to your customers as a package. Why? Because you have already paid for implementation, you only have to absorb the cost of your time and internal marketing instead of taking money out of the company bottom line when you buy and implement new technologies.
2. Attack Now or Be Eaten Later!
Are you wondering how you can trace leaks of sensitive marketing documents? Scared whitless about how your competitors will hack that new Oracle J2EE self-service application, customer service is rolling out? Attack your own systems. Now. Wait and you will be lunch for the sharks.
3. Reinvent your offerings
Whether you are an independent security consultant or engineer in company with 100,000 employees – you have customers. Customers are our bosses. If you want job security, then create new interest with your customers. Repackage and rename the services you sell your customers. Start small – for example by offering attack modeling for one business unit in your company, and grow your internal practice over time with word of mouth marketing.
4. Do not hang on at any cost
Do not wait if your company starts getting engulfed in the firestorm. Your security skills are transferable to other industries, other disciplines. There are other opportunities – you will find them and survive.
5. Change your business model
If your customers cannot afford what you sell – change the rules. Paying too much money to manage MS Exchange and a lot of content security – drop it and migrate to Google Applications. Now is the time to make the change.
6. Do not be cheap.
This one is directed to executives. The last big downturn, I remember in 2002 got worse in 2003 and executives were looking to hire on the cheap – people with narrowly-focussed skill sets. Not a good move. A security professional who is smart, can hack and can communicate and costs 50% more is worth 4 or 5 of the coffee drinkers who maintain your firewall.
7. Take Action.
Do not stress out about the economy. While you are thinking about how to negotiate a 75% discount from the new data loss prevention system you really need – your competitors will be all over you Take action – invest in monitoring internal transactions and start shutting down the vulnerabilities you never saw before.