Thomas Tschersich, Chief Security Officer at Deutsche Telekom (pictured) has taken to LinkedIn to warn security teams that they need to do more to support the development of new products and services.
…I don’t want to be someone who just tells others what can’t be done. I’d rather be someone who opens up opportunities. I want to help ensure that security teams are perceived as a value-added factor rather than a cost factor.
Network security professionals need to hear this kind of message from leaders more often. As Tschersich admits, they can often afford to be negative because they are perceived as being indispensable.
Of course, we could care less because no company can do without us. According to a recent YouGov survey, 70 percent of European companies consider IT security to be the most important technology of the future. We’re in demand: Almost half of CIOs complained in a survey by staffing firm Robert Half that they were finding it most difficult to hire IT security specialists.
Whilst security professionals may find high demand for their services, Tschersich argued that the field of technology security is not learning from the examples set by other technologists who have been more willing to adopt agile methods.
With a traditional way of working, we security managers are only lagging behind.
His advice was to make the concept of security by design real for a business by embedding the philosophy within the work being done across the organization.
…contemporary corporate security has to explain to colleagues exactly how they have to build their innovations in order to get approval later on. My team provides assistance throughout the development process and takes responsibility for new solutions and services.
Tschersich wants security teams to adopt two new objectives:
- become more entrepreneurial to ‘help the business do its business’; and
- provide explanations that non-technical audiences can understand in order to communicate security decisions ‘in a compelling way’.
Tschersich concluded by asserting these objectives had already been adopted by his Deutsche Telekom team. His advice is sound, so let us hope more security practitioners acknowledge the importance of not just pointing out how things can go wrong, but also explaining how to make things that work right.
You can read Tschersich’s LinkedIn article here.