How CIOs can get things done with their reduced staff
It seems to me that we’re seeing more and more news of late about the lackluster job outlook. Unemployment will continue to be higher than originally forecasted and companies will remain hesitant to bring new people onboard. Welcome to reality.
The fact is I think it’s high time for IT managers to stop holding their breath for a break in the struggles of today for what they hope to be bigger budgets, additional hires and more resources in the near future. As much as I hate to say it, it’s just not going to happen anytime soon.
What that means that we must live in the now and recognize that we will continue to do more with less for the foreseeable future. Disaster recovery issues will remain paramount to ensuring a company’s productivity, profitability and competitiveness in their marketplace, but must be executed with existing manpower resources.
Doing this more effectively in the world in which IT security professionals live will require a renewed dedication to collaboration and open discussions. Here are some ways I think this can be done:
Build an internal advisory team. While CSOs and CIOs are the natural choice to lead such efforts, they will by no means be the only ones involved. The ideal situation would be for all departments to have a designated representative coordinate efforts within and outside their area. Herein lies the challenge for any company – policies and practices will often transcend areas of responsibilities for individuals and managers, and failure to make security practices seamless across these lines will create vulnerabilities that hackers seek to exploit.
Leverage the lessons learned from others. None of us are alone in our quest to execute strategic IT and security initiatives with finite resources, many real-life examples of such are well documented in trade magazines, journals, webinars and other free resources. Pay closer attention to them in order to prevent getting the same scars as others have done before.
Pressure vendors to produce. Organizations should not go at it alone, but rather enlist their system integrators and product vendors to help make this happen. The best partners are the ones who should have robust, turnkey offerings that specifically and clearly meet this demand. These firms should also maintain an arsenal of best practices to show a true return on a company’s investment.
As a proud, long-standing member of the IT zecurity community, I know we can embrace this existing reality with full resolve to protect organizations while also helping them pursue their business goals regardless of economic conditions. We’ve been doing it for years, to the point that it is now standard practice, and will be for years to come.