Mind the Tech Gap: Addressing the Conflicts between IT and Security Teams
- Length: 198 pages
- Edition: 1
- Language: English
- Publisher: CRC Press
- Publication Date: 2022-10-05
- ISBN-10: 1032206179
- ISBN-13: 9781032206172
- Sales Rank: #2706566 (See Top 100 Books)
IT and cybersecurity teams have had a long-standing battle between functionality and security. But why? To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact how IT and cybersecurity teams interact. With different levels of budget, competing goals, and a history of lack of communication, there is a lot of work to do to bring these teams together. Empathy and emotional intelligence are common phenomena discussed in leadership books, so why not at the practitioner level? Technical teams are constantly juggling projects, engineering tasks, risk management activities, security configurations, remediating audit findings, and the list goes on. Understanding how psychology and human factors engineering practices can improve both IT and cybersecurity teams can positively impact those relationships, as well as strengthen both functionality and security. There is no reason to have these teams at odds or competing for their own team’s mission; align the missions, and align the teams. The goal is to identify the problems in your own team or organization and apply the principles within to improve how teams communicate, collaborate, and compromise. Each organization will have its own unique challenges but following the question guide will help to identify other technical gaps horizontally or vertically.
Cover Half Title Title Page Copyright Page Dedication Table of Contents List of figures About the author 1 Background of IT and cybersecurity fields Background History of IT History of cybersecurity Where IT meets cybersecurity Cybersecurity education IT education Software developers Major shifts in IT/cybersecurity What is the problem? 2 Roles and responsibilities in IT Roles in IT Helpdesk Systems engineering Network engineer Software developers Database administrator/data science Cloud administrator/engineer Infrastructure architect Technical team leads Operational technology engineer IT generalist vs IT specialist Conclusion References 3 Roles and responsibilities in cybersecurity Roles in cybersecurity Security analyst Security Assessors/Auditors Security Engineers (SEs) Security Managers (SMs) Security architects Red teams Incident response Digital forensics Governance, risk, and compliance Security researchers Threat intelligence analysts Conclusion References 4 Where IT meets cybersecurity Technology meets cybersecurity People, process, and technology People Secure configuration Risk management Legal and privacy concerns DevSecOps Architecture New IT/development projects Empathy in IT and cybersecurity Conclusion References 5 The disconnect (IT vs cybersecurity) The disconnect A history of discord Functionality Security IT vs cyber: round 1 IT vs cyber: round 2 IT vs cyber: KO Education Certifications Conclusion 6 Separation of duties Introduction Separation of duties Job rotation Typical IT duties Typical cyber duties Incident response Permissions Siloed teams Helping or hurting? Conclusion References 7 Management interaction Management interaction SOC leads IT operations leads Security management IT management CISO engagement CIO engagement Conclusion 8 Financial issues and responsibilities IT budgets Cybersecurity budgets IT tools Cybersecurity tools IT services Cybersecurity services IT projects Cybersecurity projects IT resources Cybersecurity resources IT goals Cybersecurity goals IT versus cybersecurity 9 Education gaps between IT and cybersecurity Introduction IT certifications Cybersecurity certifications IT higher education Cybersecurity higher education IT training options Cybersecurity training options Vendor-agnostic certifications Vendor-specific certifications Industry expectations References 10 Bridging the technology and cybersecurity gap Where we are now Where we need to go Emotional intelligence Aligning goals Leading with empathy IT and security liaisons Technical and practical meet Cybersecurity foundational knowledge Communication gaps Where we could be 11 Embracing functionality and security Missed opportunities Functionality is not a four-letter word Embracing security Problem-solving and decision-making Encouraging both operations and cybersecurity Compromise as a tool Adaptability Understanding cognitive limitations Understanding personality types Our differences make our teams stronger References 12 Creating new roles Thinking outside current job descriptions New types of IT roles New types of cybersecurity roles IT security liaison Cybersecurity operations liaison Incident response/operations specialist IT/cybersecurity cooperation working group Human factors security engineer Human factors IT specialist Cybersecurity EI (emotional intelligence) engineer Conclusion 13 Building trust and new relationships Letting go of the past Getting rid of preconceived notions Approaching projects in a new way Early and often open communication Have fun with it Considering the other side Improve security and functionality Changing meeting structure Remove siloed groups Encourage collaboration Building trust 14 Path forward The problem Bridging the technical gap Human first Behavioral analysis techniques Technology and security second Vertical and lateral changes Current state Desired state How can we get there? Final thoughts Reference Index
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.