Jay Schulman
career
consulting
June 01, 2015· 2 min read

14 Things and 12 Tools Every Security Organization Should Own

Explore the essential disciplines and tools every security organization needs. This guide broadens your security knowledge and helps you understand how various elements fit together for a cohesive strategy.

A majority of people coming into security are drawn to the hacker skills. They want to participate in Penetration Testing, Red Teams, and other assessment activities. They want to break things. Some want to fix things too. Few understand the breadth of an information security organization.

[Tweet “Many want to break things. Some want to fix things. Few understand the breadth of an infosec org.”]

I’ve written up a list of disciplines typically found in an information security group along with a list of tools that they usually end up buying. This isn’t a list of things that a CISO should build their program around, but a list of ideas for people entering the security space or looking to broaden their security knowledge. We need people in all disciplines.

[one_half]

Security Disciplines

  1. Security Architecture
  2. Compliance
  3. Forensics
  4. Vendor Assessments
  5. Risk Assessments
  6. Awareness
  7. Governance
  8. Policy
  9. Identity Management
  10. Incident Management
  11. Threat Intelligence
  12. Application Security
  13. Vulnerability Management
  14. Business Continuity/Disaster Recovery

[/one_half]

[one_half_last]

Security Tools

  1. Content Filtering
  2. Antivirus
  3. Malware
  4. Web Application Firewall
  5. Intrusion Prevention/Detection (IPS/IDS)
  6. PKI/Encryption
  7. Data Loss Prevention (DLP)
  8. Single Sign On (SSO)
  9. Multi-Factor Authentication
  10. Log Collection/Aggregation
  11. Static Code
  12. Dynamic Scanning

[/one_half_last]

What do you do with this list? Two things:

  1. Broaden Your Security Knowledge — Whatever your current background in security, start learning areas of security that you aren’t currently working in. Understand how other disciplines work and how other tools fit into the security processes. Especially if you’re early on in your career, expanding your knowledge can be a huge advantage.
  2. Understand How It All Comes Together — While you may be an expert in one area, it’s important to understand the complex puzzle that needs to fit together to make a security organization work. Even if you don’t learn other areas, you should understand how they fit together. If you’re advocating for funding for your program, understand the needs of your peers. They more you can help put the pieces together, the more success you can be.
Get More Insights
Join thousands of professionals getting strategic insights on blockchain and AI.

More Career Posts

October 15, 2024

Zcash Enterprise Privacy: Business Applications Guide | Advanced Cryptocurrency Privacy Solutions

Comprehensive guide to Zcash enterprise privacy applications - leveraging advanced cryptocurrency privacy technology for...

October 01, 2014

3 Reasons to Always Take the Interview

Discover why you should always seize the chance to interview, regardless of hesitations. Gain insight, practice your ski...

July 17, 2015

Security Longreads for July 17, 2015

Explore the latest in security with insights on stolen fingerprints, the rising role of Chief Security Architects, and t...