
The “Security Hero” Culture is Changing

May 03, 2012

Will Rogers said, “Being a hero is about the shortest-lived profession on earth.”

I would agree with Will since I am pretty sure that he was referring to a hero in the traditional sense of the word. But, when it comes to the information security world, this wisdom unfortunately does not apply. The “security hero” is a role that has been around for far too long.

Before I say more, I think it is time for a definition. The security hero is that person who has traditionally stepped in to fix the problem of security when no one else was there to do it. You know that person – the one who sees a hole in security, figures out a fix, and then installs the fix. Heck, you may have even been that person.

You need a new rule in the firewall? Done!

The HR director says that we need to stop people from going to inappropriate websites? Done!

Yes, the hero gets things done. The problem is that he or she is very focused only on the point problem and the point solution.

What caused this rise of the security hero? Basically, when organizations started figuring out that security was really needed a few years ago, it oftentimes did not translate into the creation of a strategy that took business objectives into consideration. The work was typically done by the IT department and was dedicated to the technical side of security - firewalls, intrusion detection, web traffic filtering, anti-virus, etc. Not that those solutions weren’t important. But, the technical focus didn’t look at security as an overarching issue that affected more than IT.

Then compliance came on the scene. Fines and stigmas that often accompanied a failure to comply motivated organizations to put more of an emphasis on security. But this did not necessarily mean a holistic view of security was adopted. While compliance was a broader focus, it still was a focus. Often whole teams were created with a sole mandate of being compliant with one or more regulations. The hero may have turned into a band of heroes (that has a distinct “Robin Hood” ring to it), but it was still a hero culture.

The hero needs to be admired for moving the security needle forward through hard work and diligence. But the reasons behind the need for a hero actually cause more problems than they solve. The round-and-round security fixes that don’t address the needs of the organization as a whole have to stop. Thankfully, this is happening now. Today’s security culture is changing.

So how is it changing? To find out, I invite you to download the first installment of Accuvant’s new thought leadership series, entitled Trends from the Trenches. This first paper is entitled “The Era of the Security Hero is Over - Adopting Governance for Holistic Information Security Strategy”. In it, you will see why the trend towards governance is occurring and how it is changing how organizations view security, and learn about some practical steps to help you move that way yourself.

As a bonus, Doug Landoll, Accuvant governance guru, and I sat down in the lobby of a busy hotel and discussed the trend a bit. In the video posted below, Doug gives some great insights into what he is seeing at client sites and why governance is necessary for a strong security program.

