THANK YOU FOR SUBSCRIBING
Gov CIO Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Gov CIO Outlook
Anthony Harvey, Chief Information Security Officer, City of AlexandriaThe City of Alexandria has roughly 150,000 residents, numerous public and private businesses, and over 3000 staff members to serve the needs of its residents. A subset of those 3000 consists of over 75 Full Time Equivalents(FTEs), as well as contract staff providing subject matter expertise within IT, and an even further subset of 3 FTEs within Information Security. So,with limited resources, how do you do more with less, and how do you effectively maximize your return in security investment from the stand point of both human and technology capital? Having a small team with limited government resources requires creative thinking to maximize security investments.
One way we have successfully addressed this challenge is through automation. Automation reduces the amount of time spent on routine operations,providing more time to create value within an organization. This can mean several things from a cybersecurity perspective, ranging from the risk assessment process to the functions seen in Security Operation Centers (SOCs). However, the security employee skill set required to utilize automation is different from the traditional security employee skillset. The switch from point-and-click administration to an automation, scripting, and “DevOps” mindset is not only a technical skill change, but also a cultural change. Security orchestration, automation and response (SOAR)is a force multiplier for security the same way IT is a force multiplier for an organization, and it only makes sense to take advantage of it.
“The pandemic and shift to remote work has demonstrated that attracting and retaining talent is more important thanever”
To find these new skillsets, be sure to review your hiring practices. The pandemic and shift to remote work has demonstrated that attracting and retaining talent is more important than ever. Creative thinking is essential to finding solutions like strategic partnerships with local universities/colleges, leveraging neighboring jurisdictional resources, and crafting innovative compensation packages (even non-monetary, such as compressed schedules or extra vacation days).A multifaceted approach will help attract the talent required to customize an optimal workforce for your organization.
Keep in mind that not all resources required to be successful with “less” must be acquired outside your organization. Whether it’s internal audit, your legal team, or the communications department, you need to ensure that you’re building internal relationships and leveraging “inside expertise” to achieve your goals. Establishing security partners or champions within your organization allows for quicker rollouts, better feedback, and dotted-line relationships to accelerate your security team’s growth.
Even with all strategies engaged, it is equally important to ensure stakeholder buy-in. No one expects your organizational leader to know cyber in and out; however, ensuring that you communicate the value of a diversified approach will pave your path to success.
Read Also
