What do you wish security professionals would start/stop doing?

4.1k views2 Upvotes6 Comments

CEO and Co-Founder in Software, 51 - 200 employees
We have to better communicate about threat. Still today, we have 16 iSCSI, 1000s of people on iSCSI, but nobody communicates the real substance. They keep talking about IOCs. To me, IOCs are stale fish. After 10 minutes, that IOC is useless.

On another note, my doctorate was on AI-based agents for large scale institutions. Today, I say stay away from agents if you can, because with API's, you really don't need agents. Everybody has real estate today, and their own assets. Whether you're an IoT or whether you're traditional with your MDR, EDR, you name all the three-letter acronyms, you have real estate. You can use API's, and you don't have to reinvent the wheel by installing yet another agent. I'm a firm believer in using what you have. Don't reinvent it.
Head of Information and Data Analytics in Software, 5,001 - 10,000 employees
I am absolutely passionate about both AI and cybersecurity, and the community. There's quite a few opportunities in terms of building a community around cybersecurity, where for the most part, things have been siloed and more so the enterprise-centric old way of doing things. Obviously, as you just catch up, the world keeps changing. With the amount of change that is happening, it's hard for everybody to stay up to date. So I have a few thoughts in terms of creating a community for incident responders. Like we have tried with threat intelligence. It was good, but that's not actionable. So when we talk about specific incidents and sharing that knowledge among peers, that is actionable, which makes more sense.
Director Of Technology in Education, 51 - 200 employees
Stop acting like they have a law enforcement background. Unless the security professionals have genuine experience at the CIA, FBI, or NSA it’s often a bit of an dog and pony show that turns off the audience. Be approachable rather than appearing knowledgeable.
Principal Information Security Officer in Education, 10,001+ employees
Stop spreading FUD (Fear, Uncertainty and Doubt) to get increases in budgets and head count (rather than using real metrics, historical quantifiable risk data and fact-based evidence).
Director of Information Security in Manufacturing, 1,001 - 5,000 employees
STOP thinking about security as some kind of super exclusive club, where you need to have a kazillion certifications to even get started into a career. Most of it is common sense and can be learned by doing!
Director of Technology Strategy in Services (non-Government), 2 - 10 employees
Start talking about what security enables an organsiation to do, rather than trying to stop the org from doing anything.

"We have a a CASB, this means we can allow access to tools you need to do your job"

"We have SASE, this means we can enable remote working with fewer controls"

and so on

Content you might like


Not yet, but we’re developing one.36%


Other (please specify)2%


2k views1 Comment

Lead digital business/transformation initiatives26%

Upgrade IT and data security44%

Identify new data-driven business opportunities15%

Collaborate with business leaders on customer initiatives4%

Help reach specific goals for corporate revenue growth11%


1.3k views1 Upvote