Resourcing Secure By Design

Written By George Bathurst

We can’t do Secure by Design; we don’t have the resources.

This is something we often hear. There is some truth to this statement. But what is the right resource? Surely, you need someone who is very technical, understands technology, networks and can fix complicated security issues – right? 

Wrong. Your project will need to understand these matters, of course. But what skills do you really need from a cyber security person? And how does this change in Secure By Design?  

Secure By Design is all about identifying and managing your risks, so your future cyber security team may look very different to the people you have interacted with in the past.  

There are three key skills that you should look for that may help you to get the right person for the job. 

  • Business focus 

  • Problem solving 

  • Clear communication 

Take the issue of asset identification, which is a key part of cyber security. What skills will the people you employ for this need?  

  • Can they use business objectives to help prioritise these assets by business criticality? 

  • Can they then approach senior business leaders and describe the assessment clearly so that mutual understanding is achieved?  

  • Can they understand the impact of loss of a key asset and communicate how this will affect objectives?  

  • Can they resolve disagreements or misunderstandings about technical issues to review, re-assess and communicate a practical, business focused outcome? 

Bee.net is here to help you understand the changing nature of cyber security and help you to find the right people for the job.  

George Bathurst
Previous

Business Objectives – why you should care! 
Next

How not to respond to a reported cyber attack