Best practices for choosing an information security team new hire

EXPERT RESPONSE FROM: David Mortman, featured expert

QUESTION POSED ON: 03 March 2009
I'm a security manager who's looking to bulk up my security team. The executives at my company would like me to try to promote someone internally from our help desk. Many of the IT pros there have years of experience, but not in security. Are there certain qualities or experiences I should look for in a candidate?

There are two main things that you should look for when hiring an information security professional: Someone who can think like a security person and someone who can be flexible enough mentally to pick up new ideas quickly.

By thinking like a security person, I don't mean "thinking like a hacker." While hacking skills are useful in some contexts, there is much more to security than that. Thinking like a security person means putting oneself in the shoes of various users and thinking about what their needs are. How will they use the software? Also, how will they accidentally or intentionally misuse the software? Then it's a matter of finding solutions that address identified issues.

It's also important for the candidate to be able to think like a business person, or a programmer, or any other type of end user. Most importantly, however, he or she must understand that, in reality, security is about finding an acceptable compromise between perfect security and usability.

In order to achieve this compromise, the potential team member should be able to absorb new ideas and technologies quickly so he or she can help users make intelligent risk decisions. So in reality, those two traits I mentioned a minute ago are one and the same.

This mental agility, in my book, is far more important than years of experience. If someone has the right mindset, then he or she can learn the specific technologies or regulations required for the job. Working with this sort of person is far easier than breaking someone out of a solid mold.
