Why the Security Poverty Line Is Our Industry’s Responsibility to Fix

On this week’s episode of Security Nation, we had the pleasure of speaking with Wendy Nather, the head of advisory CISO services at Duo Security (now part of Cisco). Our podcast highlights guests who have taken on a challenge that has advanced security in some way, and Wendy’s work on the security poverty line is a perfect example of this.

What is the security poverty line?


The “security poverty line” refers to organizations that lack the budget and/or resources to be able to effectively implement the cybersecurity measures they need. In Wendy’s opinion, it’s one of the biggest challenges in security. She first experienced it when she went from working in security at a Swiss bank where she had a budget of around $60 million to a state agency in Texas where she had a budget of zero. As you can imagine, building a security program with no budget is quite difficult—and even if you do have a budget, you likely can’t do all the things you should be doing.


Who is affected by the security poverty line?


Security teams do not like to admit that the security poverty line is a problem they have, but more industries and companies are affected by it than we think. It can be impossible for organizations to get approval to pay for things like software and hardware upgrades, especially in the public sector, where every purchase goes through the scrutiny of taxpayers. Speaking from experience, Wendy explained that taxpayers expect organizations to use something until it stops working and only then can they make the case for something new. This is why many government entities wind up ..
