Traditional IT security professionals need to evolve into risk management professionals to survive in the game
In IT, as in life, those who don't evolve simply perish. It is therefore crucial for IT professionals to constantly evolve and attune their mindsets to the changing times. Gartner VP and distinguished analyst Paul Proctor, who works with enterprises to help them build mature risk and security programs, believes that IT security professionals need to evolve into risk management professionals, not only to better align security programs with business needs but also to survive in the game.
"The way I see it, all security officers fall into one of two camps: 70% are traditionalists and only 30% are true risk management professionals. We can do better," Proctor wrote in a recent blog post.
According to him, traditional security professionals adhere to a certain philosophy which can be detrimental to their cause. Traditionalists believe that IT risk is a technical problem, handled by technical people, buried in IT and every problem is solved with a new technology. Also, they view themselves as heroes hired to protect the company at all cost.
Proctor said that there are fundamental differences between how traditionalists view their roles and how true risk management professionals, currently in the minority, view their roles in the organizational scheme of things.
"Evolved risk management professionals believe that the role of risk and security is to balance the needs to protect the organization with the needs to run the business and that they can work well with their non-IT counterparts to balance risk and security. They also believe that they can bridge technology issues into non-IT business decision making," wrote Proctor.
"I believe the risk management professional camp is growing at 5% per year and the traditionalist camp is shrinking by about 5% per year. If you want to remain relevant, you should be thinking about evolving," he cautioned the traditionalists.
So, which one are you?