In this video interview, Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, sheds light on the inverse investments made by IT managers and security managers in many firms. While most IT managers spend the bulk of their budgets on the network, hosts and software development, security managers spend more on firewalls, antivirus and patch management. Grossman proposes that security managers align their investments with IT investments, dedicating more of their information security budget to the same areas IT has deemed important. In many cases, this may mean spending more on software security.
Chief information security officers have a decision to make when allocating a portion of their budgets to secure software development: Should they pay a bonus to developers who meet certain security metrics, or should they invest in security training for their developers? Grossman provides an easy rule of thumb for security managers to make that decision.