The problem is well rooted and endemic. Security organizations and their leaders are overwhelmed, understaffed and facing an unprecedented volume of new threats both inside and outside their organizations. A natural human reaction to such conditions is to retreat, become reactive, siloed and isolated. Effective security leadership requires we counteract these conditions by finding solutions in spite of organizational (and personal) limitations.
Enter the “Security Liaison”. Initially the security liaison can be viewed as nothing more than a “security contact” for an organizational unit, project or application. A designated individual that can be contacted in the event of an incident or other security related issue arises. Nothing interesting or compelling at this stage, innocuous and innocent, right?
Instead of being the end of the story though, consider it only the tip of a land and expand policy. This is where it starts to get fun. Ever wanted to use “scope creep” to your advantage? (for once)
Stay tuned. Part 2 introduces techniques and tactics to transform the security liaison from a passive “contact” to an active participant in your security efforts.