Five steps to climbing the IT security ladder

Five steps to help stay ahead of the pack in IT security

It is a dog-eat-dog world today, making it not only tough to get a job, but also to keep it. But, if you have got your sights set on climbing higher, keeping your head down is not an option. Instead, you need to raise your game. Here are five steps to help you stay ahead of the pack.

Step 1: There’s no I in team – but there should be

The first thing you need to get over is being coy about your involvement, and achievements. Let’s face it – businesses have to run PR campaigns to build brands and you should do the same. The sales team is a perfect example - if one lands a big deal you can be guaranteed it is not just the sales team that knows, instead the whole company is expected to applaud.

Next time you speak at an external seminar, tell people. Build your profile outside of the organisation by using LinkedIn and other social media tools. Present at the next sales conference of the dangers or remote working and how to protect yourself, host regular security summits about innovative introductions, perhaps host a ‘latest scam’ column in the corporate newsletter. Whatever it is, make sure you are seen to be proactive at keeping the organisation secure.

And it is not just about you. To move up, you need to be seen as a leader, and that includes making your boss look like a leader too. Keep them up to date about any IT security trends inside or outside of the company, and let them know about any major events, so they are able to respond to any questions they get asked.

It is about the department too. Most view IT security as just another business function – but it is so much more. Make others realise that IT security can enable a responsive, flexible business to keep innovating and stay in front of its competition.

Step 2: Step up to the plate

Companies are making the headlines, for all the wrong reasons. Your job, as well as your promotion, depends upon making sure yours does not.

Make sure that you have comprehensive IT security in place – from the perimeter to the employees – and take a step back regularly to ask yourself if you’re doing things the best possible way  and not just the way it’s always been done.

For example, until recently most organisations kept their information in silos, on a need-to-know basis. But then problems were encountered when teams could not access the right information when they needed to so, in response, companies got rid of silos to enable data to flow across all departments. 

However, with sensitive data now accessible to many more people, companies have increased the risk that some of that data might get breached. Instead of getting rid of silos, consider keeping them to hold your organisation's most sensitive data, but ensure that you enable access to just those who need it. If you do have ‘super users’ with increased privileges, then make sure that are regularly audited and delegated through a privileged identity management system to ensure that you are in control of who can access those powerful log-ins that open up a organisation’s most sensitive data.

Share the latest threats facing the organisation and pass on details of data breaches and mistakes made by others in your industry to make sure that your employees know what they should and should not do. Your leadership team will see that you have put in place the right processes for the good of the organisation.

Step 3: Take the bull by the horns

Your management may just assume that the company will pass its IT security audits. However, if it fails, it will take up executive and IT staff time to plan remedial action. The best way to ensure that you pass audits first time is through your advance preparation.

It is valuable to embrace the findings of the auditors and show how their services can benefit the organisation and help make it more secure. Getting the auditors on your side and willing to promote your adoption of best practices, can help raise your profile at the top. 

It is also worth thinking about moving from point in time compliance to a continuous compliance strategy. This relieves the pressure of preparing for an audit since every day is audit day.

Audits and compliance are rising in importance, as institutions such as the European Union threaten significant fines for companies who lose data. The IT security landscape will soon be one where breaches hurt the company's bottom line more than ever.

Step 4: Think, and act, strategically

These days, budgets are set at the start of the year and there is not any flexibility to deal with unexpected costs. This makes it increasingly important to prove what you are delivering and how IT security makes a difference to the balance sheet. Consider the cost/benefit analysis required by the chief financial officer (CFO) by outlining the potential losses versus the costs of mitigating the losses in advance, presenting a business case that has a clear ROI.

By showing that IT security can be a strategic asset, you are less likely to face a battle for resources while making the IT security department look good to the bean-counters and shareholders.

Step 5: It’s not what you do; it’s the way that you do it

At the end of the day, there is there is no substitute for true integrity. Of course, you have to have drive and ambition to get promoted, but you must also have integrity. If you act in good faith, in the interests of the company, and its management, without compromise, then there is every chance that the promotion’s in the bag.


Philip Lieberman is CEO at Lieberman Software

Image: Thinkstock

Read more on Privacy and data protection