The Strategist's a thinker
At the heart of a Security Strategist is
a thinker. He/she balances business and technology, and has the ability
to convince the higher management and the floor-level personnel about the
criticality of security.
S B Patankar
Director Information Systems,
The Stock Exchange
A Security Strategist is a special person in an organization. I say special,
because the most essential quality of a Security Strategist is that he/she should
be a thinker.
The person should know the business and the technology nitty-gritties, equally
well. The strategist should have the capability and skill to create awareness
among personnel at the highest and lowest level so that there is unanimous approval
to implement a security infrastructure.
A complete security strategy?
No person or object is perfect in the world, and thus no
security strategy can be completely foolproof. One has to recognize the importance
of security in an enterprise in relation to the applications being used. And
based on this, the Security Strategist has to create a strategy, build a policy,
and make sure they are implemented.
Technology is just part of the solution. The Security Strategist has to work
out means to connect the benefits of technology to the security needs of the
business, and make sure that the solution will be implemented properly.
A Security Strategist has to be a person who can mitigate risks. It is important
for the Strategist to analyze the business processes of the organization. By
doing so, the Strategist can calculate the amount of potential risk and threats.
The Strategist must then plan and deploy risk mitigation mechanisms that can
best counter the perceived risks. The mechanisms should be just the right amount
so that the security architecture is not under-done or overdone.
As it is necessary not to build a weak security mechanism by restricting the
budget, it is also necessary not to overdo the deployment of security architecture.
Security is a combination of technology and people, and the Security Strategist
should have the maturity to understand that. An organization may have a lot
of documented policies nicely filed and kept on shelves. But it takes the combined
effort of all the personnel in the organization to ensure that the policies
will be implemented.
A Security Strategist's job does not come without challenges. The biggest of
them all is to get approval from the higher management. And these approvals
are mostly related to the budget.
Another challenge is to convince people and drive home the importance of security
in the organization. A business person will always insist on revenue returns
for the expenditure, so it's always difficult to convince.
Signs of success
A successful Security Strategist will have changed the mindset of the personnel
to an extent that security will be a part of their life. Security will no more
be an optional thing. The Strategist will have changed the culture in such a
way that everybody respects the security framework and infrastructure. And this
I believe is the hallmark of a successful Security Strategist.