For the next interview in our series speaking to technology and IT leaders around the world, we’ve welcomed experienced CISCO Victor Kritakis, of Epignosis. As the head of the company’s information security policy, he is responsible for penetration testing and vulnerability assessments, staff cybersecurity training, administration of the bug bounty program, as well as maintaining the ISO 27001 certification standards.

As an IT pro, you’re probably used to doing the heavy lifting when it comes to network security. You might even find your team responsible for educating the rest of your company on best practices when it comes to network common security hacks and how to prevent them. Today, we’re here to lighten that load a little.

For today’s remote workforce, security professionals need technical security awareness education distinct from the rest of the company’s “don’t click a phishing link” training. Security analysts know how to recognize phishing emails and set secure passwords. However, where does that leave them when it comes to security awareness month?

Maintaining an online business presence nowadays means that malicious actors are going to target and likely exploit any application vulnerabilities they can find sooner or later. According to the 2021 Mid Year Data Breach Report, although the number of breaches has declined by 24%, the staggering number of records that were exposed (18.8 billion) means that there is still room for improvement.

As cyberattacks become more sophisticated across ever-expanding attack surfaces, it’s easy to assume the security team will take care of risk management and mitigation. Indeed, employees—both within the agency and across the contractor community—are one of the greatest risks to the government’s security postures.

CFEngine and Ansible are two

Bubble wrap®. That obsessively addictive plastic material, made up of hundreds of small air-filled bubbles we all love to squeeze. Although I tend to think of Bubble Wrap as the original fidget toy—melting away our anxieties with every satisfying pop—most people associate it with helping to protect their most precious collectibles when in transit or being placed in long-term storage.

In my interactions at industry events like AWS re:invent and KubeCon, I talk with a lot of developers. Devs often tell stories of things that prevent them from working quickly and efficiently. Many involve frustrating interactions with sys admins, SREs, or DevOps colleagues. One story I have heard several times involves a conversation like this: dev: Hey, SRE team. My build is failing and I don’t know what’s happening with the app in the build node.

Like a football or soccer team, security also has two lineups that must be continuously managed. One lineup involves protecting the digital assets and data of a business. The other: managing the security risk and vulnerability exposure of these environments and endpoints. The tension between these two lineups keep security and IT very busy. There is a critical shortage of expert security professionals, which means no expanding the bench of talent, even if you can afford it.