While failure isn’t necessarily something to be proud of, it can be a valuable learning experience. When searching for cybersecurity professionals to staff your organization, don’t forget to consider those from other companies that may have suffered a major attack, as they may have detailed insights into both what went wrong, and how to react to future events. According to an article in ZDNet, a recent survey by Symantec and Goldsmiths, University of London notes that over half of the 3,000 CISO respondents considered failure to be an important part of improving cybersecurity.
Says Darren Thomson, CTO EMEA at Symantec, “If you want to build a resilient organisation, wouldn’t it be better to recruit a team of people who’ve lived this stuff rather than someone who hasn’t got that experience or developed best practices in reaction to a breach occurring?”
Getting these cybersecurity professionals to share their experiences gained from failure can be a challenge, however, as the results of the survey indicated 54% of respondents avoid discussing breaches with colleagues, and 36% of respondents believing sharing information about a breach or attack would hurt their future career prospects.
“Senior members of security staff who’ve worked in organisations which have had a major, publicised breach, that can be seen as a negative – somehow individuals can be tarnished with that. That’s probably the exact opposite to the way to how the industry should be thinking,” says Thomson.
