{"id":112,"date":"2020-06-01T13:47:00","date_gmt":"2020-06-01T13:47:00","guid":{"rendered":"https:\/\/www.pwvconsultants.com\/blog\/?p=112"},"modified":"2020-06-04T02:05:19","modified_gmt":"2020-06-04T02:05:19","slug":"changing-the-culture-around-info-sec","status":"publish","type":"post","link":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/","title":{"rendered":"Changing the Culture Around Info Sec"},"content":{"rendered":"\n<p>The culture around <a rel=\"noreferrer noopener\" href=\"https:\/\/www.pwvconsultants.com\/blog\/information-security-preparation-is-protection\/\" target=\"_blank\">information security<\/a> is vastly different than what it should be. Professionals are burning out because <a rel=\"noreferrer noopener\" href=\"https:\/\/www.pwvconsultants.com\/blog\/information-security-suffers-burnout\/\" target=\"_blank\">businesses aren\u2019t handling info sec properly<\/a>. There\u2019s a shortage of these professionals in the market. Veterans are leaving the industry largely because businesses don\u2019t want to pay large teams of people to make sure tasks are handled properly. A team of four people will never be able to keep up in a company with 10,000 employees. The culture needs to change and adapt with the global changes and rise of cybercrime.<\/p>\n\n\n\n<p>The first step in changing the culture is to make people responsible for their contribution to info sec. Right now, people can point the finger at someone else in another department, or at some other company, and blame them for the problem at hand. Making everyone responsible means they are more likely to treat it info sec seriously and ensure they are doing their part to mitigate risk.<\/p>\n\n\n\n<p>The biggest and most valuable way to change the culture around info sec is by implementing it from the beginning. Startups generally have an attitude of let\u2019s go fast and get this done and we\u2019ll deal with the rest later because it\u2019s about making money. But if you establish a culture around info sec from the beginning, ensuring that the products you are rolling out are secure as you go, you\u2019ll realize that it really doesn\u2019t take much more time than ignoring security. Ignoring security will result in backlash and having to take extra time to go fix the problems that have been ignored. Long term you will gain more speed from approaching security up front.<\/p>\n\n\n\n<p>Established businesses need to take their temperature to see where they are in their journey to becoming secure. If it\u2019s in the early stages, there\u2019s going to be a remediation process. There may be thousands of tickets opened when the process starts, but it\u2019s not feasible to go and close them all at once. Draw a line in the sand and understand that some percentage of your 10,000 tickets are severe enough to shut you down. Fix those. Then go back to setting up policies and procedures, set up security as an enabler and get security involved early in the cycle. Start working fixes into other code edits as you\u2019re refactoring features.<\/p>\n\n\n\n<p>As you build up the culture, problems will remediate themselves. Tickets will get closed and as coders learn the principles of secure coding, what to do and what not to do, your risk profile will shrink.<\/p>\n\n\n\n<p>The key is to start building the culture around info sec as early as possible. For a startup, that means from the birth of your business. For an established business, that means from the moment you start to implement security measures. The earlier you start building the culture, the less risk you assume and the less likely you are to have problems. Once it\u2019s ingrained into your coders and other technology employees, it will become rote. Which is ultimately what you want, security and quality assurance to go hand in hand, resulting in efficiency.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.<\/p>\n","protected":false},"author":1,"featured_media":307,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[4],"tags":[36,644,40,575,17,571],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.2 (Yoast SEO v22.2) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Changing the Culture Around Info Sec - PWV Consultants<\/title>\n<meta name=\"description\" content=\"The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Changing the Culture Around Info Sec\" \/>\n<meta property=\"og:description\" content=\"The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\" \/>\n<meta property=\"og:site_name\" content=\"PWV Consultants\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/PWV-Consultants-110444033947964\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-01T13:47:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-06-04T02:05:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Pieter VanIperen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@PWV_Consultants\" \/>\n<meta name=\"twitter:site\" content=\"@PWV_Consultants\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pieter VanIperen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\"},\"author\":{\"name\":\"Pieter VanIperen\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/person\/c15d5d40126a8ad906cb3067de95f8d4\"},\"headline\":\"Changing the Culture Around Info Sec\",\"datePublished\":\"2020-06-01T13:47:00+00:00\",\"dateModified\":\"2020-06-04T02:05:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\"},\"wordCount\":532,\"publisher\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg\",\"keywords\":[\"Business\",\"culture\",\"Info Sec\",\"Information Security\",\"Security\",\"technology\"],\"articleSection\":[\"Information Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\",\"url\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\",\"name\":\"Changing the Culture Around Info Sec - PWV Consultants\",\"isPartOf\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg\",\"datePublished\":\"2020-06-01T13:47:00+00:00\",\"dateModified\":\"2020-06-04T02:05:19+00:00\",\"description\":\"The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage\",\"url\":\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg\",\"contentUrl\":\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg\",\"width\":2560,\"height\":1920},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.pwvconsultants.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Changing the Culture Around Info Sec\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#website\",\"url\":\"https:\/\/www.pwvconsultants.com\/blog\/\",\"name\":\"PWV Consultants\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.pwvconsultants.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#organization\",\"name\":\"PWV Consultants\",\"url\":\"https:\/\/www.pwvconsultants.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/logo-alternate-e1585773530392.png\",\"contentUrl\":\"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/logo-alternate-e1585773530392.png\",\"width\":98,\"height\":84,\"caption\":\"PWV Consultants\"},\"image\":{\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/PWV-Consultants-110444033947964\",\"https:\/\/twitter.com\/PWV_Consultants\",\"https:\/\/www.linkedin.com\/company\/pwv-consultants\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/person\/c15d5d40126a8ad906cb3067de95f8d4\",\"name\":\"Pieter VanIperen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8b294918257a810803e2befc9a71b7bc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8b294918257a810803e2befc9a71b7bc?s=96&d=mm&r=g\",\"caption\":\"Pieter VanIperen\"},\"description\":\"PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/pwv-consultants\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Changing the Culture Around Info Sec - PWV Consultants","description":"The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/","og_locale":"en_US","og_type":"article","og_title":"Changing the Culture Around Info Sec","og_description":"The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.","og_url":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/","og_site_name":"PWV Consultants","article_publisher":"https:\/\/www.facebook.com\/PWV-Consultants-110444033947964","article_published_time":"2020-06-01T13:47:00+00:00","article_modified_time":"2020-06-04T02:05:19+00:00","og_image":[{"width":2560,"height":1920,"url":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg","type":"image\/jpeg"}],"author":"Pieter VanIperen","twitter_card":"summary_large_image","twitter_creator":"@PWV_Consultants","twitter_site":"@PWV_Consultants","twitter_misc":{"Written by":"Pieter VanIperen","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#article","isPartOf":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/"},"author":{"name":"Pieter VanIperen","@id":"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/person\/c15d5d40126a8ad906cb3067de95f8d4"},"headline":"Changing the Culture Around Info Sec","datePublished":"2020-06-01T13:47:00+00:00","dateModified":"2020-06-04T02:05:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/"},"wordCount":532,"publisher":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg","keywords":["Business","culture","Info Sec","Information Security","Security","technology"],"articleSection":["Information Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/","url":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/","name":"Changing the Culture Around Info Sec - PWV Consultants","isPartOf":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage"},"image":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg","datePublished":"2020-06-01T13:47:00+00:00","dateModified":"2020-06-04T02:05:19+00:00","description":"The culture around information security is not what it should be. Changing that culture starts with the implementation of security measures.","breadcrumb":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#primaryimage","url":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg","contentUrl":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/Changing-the-Culture-Around-Info-Sec-scaled.jpg","width":2560,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/www.pwvconsultants.com\/blog\/changing-the-culture-around-info-sec\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pwvconsultants.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Changing the Culture Around Info Sec"}]},{"@type":"WebSite","@id":"https:\/\/www.pwvconsultants.com\/blog\/#website","url":"https:\/\/www.pwvconsultants.com\/blog\/","name":"PWV Consultants","description":"","publisher":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pwvconsultants.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pwvconsultants.com\/blog\/#organization","name":"PWV Consultants","url":"https:\/\/www.pwvconsultants.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/logo-alternate-e1585773530392.png","contentUrl":"https:\/\/www.pwvconsultants.com\/blog\/wp-content\/uploads\/2020\/04\/logo-alternate-e1585773530392.png","width":98,"height":84,"caption":"PWV Consultants"},"image":{"@id":"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/PWV-Consultants-110444033947964","https:\/\/twitter.com\/PWV_Consultants","https:\/\/www.linkedin.com\/company\/pwv-consultants"]},{"@type":"Person","@id":"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/person\/c15d5d40126a8ad906cb3067de95f8d4","name":"Pieter VanIperen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pwvconsultants.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8b294918257a810803e2befc9a71b7bc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8b294918257a810803e2befc9a71b7bc?s=96&d=mm&r=g","caption":"Pieter VanIperen"},"description":"PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.","sameAs":["https:\/\/www.linkedin.com\/company\/pwv-consultants"]}]}},"_links":{"self":[{"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/posts\/112"}],"collection":[{"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/comments?post=112"}],"version-history":[{"count":5,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/posts\/112\/revisions"}],"predecessor-version":[{"id":308,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/posts\/112\/revisions\/308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/media\/307"}],"wp:attachment":[{"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/media?parent=112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/categories?post=112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pwvconsultants.com\/blog\/wp-json\/wp\/v2\/tags?post=112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}