The MBA Guide to IT

Episode 13 – What IT security people do I need?

Security has become its own specialty in the IT field.  What type of security people does a small to mid-size firm need?

Your needs here depend on the security and privacy requirements of your data.

Let’s stipulate up front that it’s hard for a small to mid-sized firm to staff this area appropriately.  From the analyst to the architect, these people don’t come cheap.  The salaries rise with experience and professional designations – those letters after their names.  With a 0% unemployment rate and roughly 1 million jobs, it’s an employee’s market.

It’s common to think about security as firewalls and antivirus – but that’s a trap.  Cybersecurity starts with the business, not the equipment.

At the highest level, you’re talking about someone who can evaluate your business – your goals and your workflow.  Classify your data and walk you through your risks.  Help you identify which risks are making you money and which risks aren’t.  Maybe you’re storing data that should best be handled by a service provider.  Which risks should be accepted, mitigated, transferred, or avoided…and in some frameworks exploited.  Then start making recommendations about what types of systems, processes, and equipment.

For day-to-day activities, you’ll often find two different groups.  In a large enterprise, the Network Operations Center keeps the network running and up to date, while the Security Operations Center investigates potential security events.  In a regular company, you’re probably not staffing either of these groups.  It’s not uncommon to find one person wearing both hats.  Or you outsource it.

Large companies may appoint a Chief Information Security Officer.  You probably won’t.  But if you have European customers, you may need to designate a Data Protection Officer to comply with the GDPR.  Consult your attorney.  We’re just the IT department.

Again, it’s tough for a small to midsize firm to staff this area.  If you’re concerned about security and privacy, you’ll likely seek a competent service provider.

Tomorrow, we talk about the management responsibilities in IT whether you have a single IT employee or many.

I’m Carter Edmonds with 20Creek.  We solve IT challenges.

Episode #13 – 12/27/2018
