DevOps.com

Improve IT Security by Improving Company Culture

By: contributor on June 6, 2017

All around the world, cybercrime rates are rising, and it’s clear that traditional criminals are constantly developing new ways to attack. These days, wreaking havoc requires nothing more than internet connectivity and a pronounced lack of scruples. With a lower barrier to entry enlarging the pool of malicious actors, many enterprises are struggling to protect themselves.

Buzzwords such as “cybercrime” and “black hat” are now commonplace, and global spending to combat cybercrime reached $80 billion in 2016. Despite these efforts, only 38 percent of organizations surveyed for ISACA’s “2015 Global Cybersecurity Status Report” were confident in their ability to defend against cybercrime attacks.

Why Does Security Still Suck?

With high levels of cybercrime awareness and direct steps being taken to address these challenges, it begs the question: Why does IT security still suck?

One of the primary reasons many enterprises struggle with cybersecurity is a lack of cultural support in the workplace. C-suite policies often hinder success more than they help by pushing employees to the brink and creating an environment that leaves their businesses susceptible to human error and attacks.

While Brooks’ Law can serve well as a guide, it’s often a harbinger of bigger problems in many enterprises: When a software project is running late, leadership often brings another employee onto the project and, as a result, slows things down even more. Between the security system add-ons and services and the human capital involved in taking time to understand the issues as they arise, productivity takes a major blow—without any measurable benefit to security. This traditional tactic has attempted to ignore the crucial fact that 77 percent of professionals said that their information security policies and teams are slowing IT down.

Compounding these issues is the fact that traditional security tools require an immense amount of time and manual labor. Because these legacy platforms do not have the ability to automate even basic functions, IT professionals are often required to monitor security tasks and patch vulnerabilities around the clock. This is a major responsibility, as the costs of an attack or other breach can be devastating to an enterprise.

Further, IT security professionals are rarely rewarded for successful efforts. This is challenging for two reasons. First, no one is congratulated for creating a security-sound app, as the consumer expects nothing less. Second, it can be difficult to convince corporate leadership of the need for improved, automated security tools before an attack occurs. Painting a realistic depiction of a hypothetical situation (in this case, the damage caused by a cyberattack) is hard to do, and professionals often struggle to demonstrate their value without resorting to scare tactics. Scare tactics, independent of statistical supportability, have a shelf life and are subject to diminishing returns. Corporate leadership teams don’t regularly identify or prioritize security problems until it’s too late, so they don’t consider the cost to their employees who are fighting these battles on a daily basis. Together, all of these factors add up to fatigue, frustration and burnout for IT security professionals.

It’s safe to assume that we all want to do our best work. When we don’t have the tools and support necessary to do quality work, attitudes and culture suffer.

To stay ahead of security concerns, C-suite policies must not merely tackle IT issues or adjust to new regulations as they arise, but must ensure that efficient, effective security practices are baked into agile DevOps processes rather than bolted on. It is essential for leadership to be proactive rather than reactive: once an enterprise falls behind the curve, its software applications and valuable data are at increased risk until vulnerabilities can be patched.

Perhaps not surprisingly, this proactive attitude does not always come naturally. Management often wants to do things the way they’ve always been done, but they need to become more agile as well. Security within an organization will benefit from pushing awareness across the enterprise, rather than keeping security professionals siloed within their own department. There’s a fine line between educating employees and using scare tactics, but leadership must be informed of vulnerabilities and necessary steps for shoring up weaknesses.

However, education can only go so far; automation is the real key to taking the risk out of the hands of security professionals. Modern tools will allow your team to rest easy at night while proactively focusing on your enterprise’s rapidly evolving applications. This makes your employees happier, your security stronger and your business better.

About the Author / Ash Wilson

Ash Wilson is a strategic engineering specialist at CloudPassage. He has been a paid tech worker since March 2000, and a hobbyist long before that. He came to security via network engineering and systems administration. Ash spent the last five years in post-sales engineering and strategic engineering for security product companies. Connect with him on LinkedIn and Twitter.
