By thinking like a security person, I don't mean "thinking like a hacker." While hacking skills are useful in some contexts, there is much more to security then that. Thinking like a security person means putting one's self in the shoes of various users and thinking about what their needs are. How will they use the software? Also, how will they accidently or intentionally misuse the software? Then it's a matter of finding solutions...
that address identified issues.
It's also important for the candidate to be able to think like a business person, or a programmer, or any other type of end user. Most importantly, however, he or she must understand that, in reality, security is about finding an acceptable compromise between perfect security and usability.
In order to achieve this compromise, the potential team member should be able to absorb new ideas and technologies quickly so he or she can help users make intelligent risk decisions. So in reality, those two traits I mentioned a minute ago are one in the same.
This mental agility, in my book, is far more important than years of experience. If someone has the right mindset, then he or she can learn the specific technologies or regulations required for the job. Working with this sort of person is far easier then breaking someone out of a solid mold.
For more information:
- Learn how to boost the morale of an information security team after a data breach.
- Looking to find a security management job after an economic downturn? Read more.
Dig deeper on Information Security Policies, Procedures and Guidelines
Related Q&A from David Mortman, Contributor
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ...continue reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security...continue reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.