Breach-proof? Look for security experts with deep functional knowledge

Security breaches occur so often now that it’s a rare week when one doesn’t make the headlines. Companies that hope to have a chance against these constantly evolving threats need to be hiring a new type of security professional, said a panel of security experts and practitioners at the recent MassTLC Security Conference in Boston.

For instance, at online marketplace Care.com, which collects sensitive customer information, the security officer role requires both security and business expertise, said panel member Dave Krupinski, the company’s co-founder and CTO. The head of security has a deep understanding of technology and security practices and a deep knowledge of the business’ digital and physical assets.

“[The security officer] is aware of our asset landscape, where all these assets are, and also aware of the threat landscape, where threats may be coming in,” said Krupinski.

Gerry Beuchelt, CSO at Demandware, a software technology company, agreed that companies need to hire security experts who have a deep technical understanding of the type of assets they are charged with protecting. “Do you want them to go down the application security path? [Then, they] need to know how to code,” he said.

Companies that are looking for candidates with both broad and deep functional expertise, however, are going to have to be more “creative” in their hiring processes, according to panelist Josh Feinblum, vice president of information security at cybersecurity firm Rapid7.

“I’d say focus less on the ‘I’ve had four years of experience being a security engineer,’ and more on the ‘I’ve scripted things; I’ve automated things,’” he said, adding that he is probably the exception when it comes to security certifications: “If I see a CISSP on a resume, I almost disqualify the person.”

Care.com’s Krupinski agreed that someone who has had hands-on experience in the technology, particularly DevOps, a discipline which tends to be “more proactive about security,” is a more attractive candidate.

“You do want people who are very, very hands-on, familiar with the technology stack you’re working in, and also familiar with automation and [developing] tools and technologies that can simulate threats and that are running on a continuous basis against your systems,” he said.

Let us know what you think of this story; email Francesca Sales, site editor, or find her on Twitter: @fran_s_tt.

3 comments

A broader knowledge base will certainly help, maybe enough to stave off the next few rounds of hack attacks, but it's not a solution.

Hackers have shown, time after time, that sturdier fortresses are just more fun to breach. They poke, they prod, until they finally break through. Then, of course, we build a taller wall and it all starts again.

We have a serious problem that needs to be fixed, not just repaired.

Interesting thought - makes sense though

It's true, it's like a never-ending loop; unless a foolproof technology is invented, this will go on forever!