ISSA Middle Tennessee Chapter
Building Information Security into a Company's Framework
Information security is constantly changing, so for Jeff Cobb, SHI International Corp.’s security practice director, the key is equipping people and companies with the skills they need to be adaptable and agile.
“The organizations that are able to take advantage of technology and move quickly and enter markets, and all those different kinds of things to help satisfy goals and objectives, I think those are the kind of companies that are stepping outside of the box,” Cobb said.
Sometimes this means taking a step away from looking at technology and focusing instead on the people and processes that contribute to information security within an organization.
That’s the kind of work Cobb does now at SHI — one of InfoSec Nashville 2019’s diamond sponsors — and he’s passionate about helping people and companies develop transformational mindsets around security.
“It’s really unique and interesting to be able to go in at various levels of an organization’s growth and maturity and figure out how we can set foundation levels of maturity and continue to solve problems to help those companies grow,” Cobb said.
One key component to empowering people to make decisions around technology is helping leaders to build security into the very foundation of their companies. Cobb believes that security should be just as important as other values and behaviors that leaders try to instill across an organization.
“How do you create strong culture and core values inside an organization to begin with? When I think about security, is executive leadership weaving that into that discussion?” he asks.
This also requires persistence. Beyond basic annual trainings, Cobb thinks it’s important for companies to give all users the opportunity to practice awareness repeatedly, because that’s the only way people will learn and improve.
“It’s all those different things to challenge the mindset on the people and process sides of things before we transition into the technology. How can we behave, how can we truly work differently going forward? And sometimes that’s a little uncomfortable, it’s maybe a little bit radical.”
For those who are looking to “bake security in” to the framework of their companies, Cobb advises that you first develop a clear understanding of the objective you’re trying to achieve and then start with one or two simple steps to help you get there. He also encourages leaders to look at security holistically, considering the people, processes and technology equally.
He also warns people to not forget about the issue of talent attraction and retention, as there is a growing labor shortage in the tech industry.
“Success starts with people, and for my team, especially if I’m going to be successful, I have to be able to retain and continue to mentor and grow the people I have on my team today. And then I’ve got to be able to continue to find good talent when we have opportunities to grow the team.”
SHI Corp. is a diamond sponsor of InfoSec Nashville 2019, held on Sept. 13 at the Music City Center. Register now to attend the conference.