Aim of this Space

Hey! My name is Diane, and this is my very first blog post on Strategic Security by Diane. In this post I would like to talk about why I have created this space, and what I would like to share through it. My posts will include opinion pieces about information security; risk management; and leading infosec professionals.

Having worked in information security and related areas, for the past couple of years, I wanted to start sharing my experiences in implementing and advocating for information security in organisations. I will talk about creating a security program from scratch.  I will write about iteratively improving the security maturity within organisations, or at least how I’ve done it – what I would do all over again, and what I’ve learnt to avoid next time round.

I will share how I applied the knowledge I gained through a masters in IT management and organisational change, when managing changes in business processes to integrate security controls. I do believe this knowledge really equipped me in reducing resistance to change, which is usually a regular encounter for security professionals trying to convince business to think of security.

My posts will talk about the need for information security risks to be treated as a business priority, and the security team treated as a business partner. This is a concept that needs to be continuously sold by security professionals to business leaders, and a critical driver of this point is structuring a team that reflects the business model and its operations.  In my blog I will discuss how I went about structuring a team of security engineers and officers, to meet the business needs and what I do believe a good security leader (or any leader) should focus on to build and support a high-performing team.

I will discuss the need to understand  the critical business processes, what is required to keep the business running and what is needed to make the business money, and then building a team to protect both.

As a security professional and leader, I am still learning and growing every day. I am working on managing myself, celebrating my successes and learning through my failures. I am excited to share my experiences, good and bad, in this blog – hoping they can be of some help to anyone going through similar situations!

If you have any questions, or you would like to discuss/agree/disagree with anything –  feel free to leave a comment or email me on strategicsecurity@dianeabela.com

In the meantime I would like to note that any and all posts are a reflection of my personal opinion and in no way reflect or are related to my employment.

Be back soon with my next post..! In the meantime, wishing you a Happy New Year 🙂