Now this probably is more helpful for larger organizations or even corporations vs. potentially a lot of my audience, but hopefully it gives you all something to think about. I did a little security department design daydreaming today and thought about the question, “Jim, if you had the chance to hire a new person to your security department or are starting from scratch (not talking about zero-based staffing), what skill set would you hire?”
Now the easy answer is a security person or that missing (technical) skill, but in my years of experience I have rarely had the chance to stop and think about this. I would do it this way now.
I remember walking with a VP of Security down downtown Tampa’s Franklin Street Mall one day when I was with a small business unit, and she asked me, “Jim, what skill set is missing from my organization?” At the time, I quickly said “dedicated software development resources”. Now I focused not on security people that are software developers, but on actual dedicated software developers to develop tools for the security people. Big difference. Security people with software development skills are good security people, but which skill set will be utilized the most? The security side. The software development side of them is part of the wisdom / knowledge they would use in their security role. I have been coding since I started in the technology industry, from BASIC to Shell Scripting to a little C to ol’ dBase to some SQL, and have a ton of respect for developers, but I only do development when I need to fix a short-term problem; it is far from my primary skill.
So I cleaned the slate of my imaginary security org chart and started over. So do I get 3 people or 20 people? Do I get FTEs? Only employees? Can I outsource? Or let’s assume I have all the security skills (different than capacity) I need…
How about a Marketing / Sales person for designing those ROI Presos to the execs?
How about a data scientist / DBA for data model design work?
How about an analytics / BI person (shameless plug for Tableau) for visualization and dashboard DESIGN help?
How about a finance person for business cases?
How about a software developer for widget tool development?
How about a web / WordPress designer?
How about a project manager (PMP-like)?
How about a training developer for security awareness development and team training management?
How about a customer satisfaction survey / NPS expert?
Now remember, I am going to have to get someone else to help do the interviews outside my staff.
I could go on, but you see my point. Sometimes I think that if I had only three headcount and hired only 1 security person and 2 people with the above skill sets, I could “justify” more security people faster. The alternative is going to the people in the overall organization (e.g. marketing department) and asking/partnering/begging for these skills to help you. Insource to your own organization or tack onto an existing supplier contract. You may even find there are extra resources on a supplier contract for the skills that wouldn’t cost you anything.
Something to ponder on your next headcount increase or attrition opportunity or even initial design.
For my church audience that has no security skills but wants to hire that first one, I will address that in a future post, very specifically.
What skill set would you want next? Post a comment.
Be blessed and remember, it’s all about Simply Secure, Simply Designed, Simply Fun.