Phil Cracknell, president of the Internet Security Systems Association (ISSA), has told ComputerWeekly.com in an...
exclusive podcast interview that he hopes to develop mentoring to help IT security professionals progress their careers.
Cracknell's aim is to make the ISSA an incubator for IT security staff with career ambitions to become heads of IT security.
"We have very much an exclusive club for heads of security and ambitious staff generally have no exposure to chief security officers on a day-to-day basis," he said.
"We want to offer networking opportunities, a forum for learning and mentoring, and exposure to otherwise elusive thought leaders."
Cracknell also wants the Internet Security Systems Association to work as a catalyst to bring together the many disparate security associations, which have many common objectives.
Through leglislation such as Sarbannes-Oxley, Cracknell believes businesses have a higher state of readiness regarding IT security.
"End-users feel more monitored and feel more restricted, but they still feel incredibly vulnerable," he said, adding that end-users need to take more responsibility for their actions to prevent unnecessary security risks.
Progress is part of the challenge, said Cracknell. "The industry wants to deliver to the demands of the user, but users want new functionality. They rarely specify security as a criteria in their buying decisions.
"I think most people would not be prepared to wait twice as long and spend twice as much for a secure application or operating system."
Equally, if the industry were to self-regulate and only release secure code, then users would demand far faster delivery of new product releases, Cracknell said.
Cracknell wanted to see the various user groups, such as ISSA, the Jericho Forum and the BCS, work to broker a deal between the user community and suppliers, to balance the demands for high security with the need to deliver new products,
Related article: How to assess and mitigate information security threats
Comment on this article: firstname.lastname@example.org
David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security
Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management