Jay Schulman.Plan for Thursday
Security
consulting
June 01, 2015· 2 min read

14 Things and 12 Tools Every Security Organization Should Own

Explore the essential disciplines and tools every security organization needs. This guide broadens your security knowledge and helps you understand how various elements fit together for a cohesive strategy.

A majority of people coming into security are drawn to the hacker skills. They want to participate in Penetration Testing, Red Teams, and other assessment activities. They want to break things. Some want to fix things too. Few understand the breadth of an information security organization.

[Tweet “Many want to break things. Some want to fix things. Few understand the breadth of an infosec org.”]

I’ve written up a list of disciplines typically found in an information security group along with a list of tools that they usually end up buying. This isn’t a list of things that a CISO should build their program around, but a list of ideas for people entering the security space or looking to broaden their security knowledge. We need people in all disciplines.

[one_half]

Security Disciplines

  1. Security Architecture
  2. Compliance
  3. Forensics
  4. Vendor Assessments
  5. Risk Assessments
  6. Awareness
  7. Governance
  8. Policy
  9. Identity Management
  10. Incident Management
  11. Threat Intelligence
  12. Application Security
  13. Vulnerability Management
  14. Business Continuity/Disaster Recovery

[/one_half]

[one_half_last]

Security Tools

  1. Content Filtering
  2. Antivirus
  3. Malware
  4. Web Application Firewall
  5. Intrusion Prevention/Detection (IPS/IDS)
  6. PKI/Encryption
  7. Data Loss Prevention (DLP)
  8. Single Sign On (SSO)
  9. Multi-Factor Authentication
  10. Log Collection/Aggregation
  11. Static Code
  12. Dynamic Scanning

[/one_half_last]

What do you do with this list? Two things:

  1. Broaden Your Security Knowledge — Whatever your current background in security, start learning areas of security that you aren’t currently working in. Understand how other disciplines work and how other tools fit into the security processes. Especially if you’re early on in your career, expanding your knowledge can be a huge advantage.
  2. Understand How It All Comes Together — While you may be an expert in one area, it’s important to understand the complex puzzle that needs to fit together to make a security organization work. Even if you don’t learn other areas, you should understand how they fit together. If you’re advocating for funding for your program, understand the needs of your peers. They more you can help put the pieces together, the more success you can be.
Get More Insights
Join thousands of professionals getting strategic insights on blockchain and AI.

More Security Posts

July 01, 2024

Wallet Backups: Protecting Your Funds

In our ongoing journey to demystify the world of blockchain and digital assets, we've covered the ins and outs of Hierar...

July 17, 2015

Security Longreads for July 17, 2015

Explore the latest in security with insights on stolen fingerprints, the rising role of Chief Security Architects, and t...

January 23, 2026

Beyond Q-Day: What Quantum Computing Actually Unlocks

Quantum computing threatens encryption—but the same capability could solve climate and food security. Leaders must shift...