Being asked to run an infosec program while managing multiple operations teams is a fine line. It is all too easy to focus on the teams’ needs without considering the infosec requirements and vice versa.
The reality is that line is important – that’s where everyone wins. But does it exist?
I haven’t met an engineer who didn’t think infosec was important, after all, we all know that if you get security wrong it creates all sorts of work. But it is just too easy to get lost in the day to day work and forget security.
This is where management comes in. If you can create the right focus and interest and drive with management then infosec will be important to them and, let’s be honest, if it’s important to your boss, it’s important to you.
That sounds overly simple doesn’t it….