14 Things and 12 Tools Every Security Organization Should Own

June 1, 2015

A majority of people coming into security are drawn to the hacker skills. They want to participate in Penetration Testing, Red Teams, and other assessment activities. They want to break things. Some want to fix things too. Few understand the breadth of an information security organization.

[Tweet “Many want to break things. Some want to fix things. Few understand the breadth of an infosec org.”]

I’ve written up a list of disciplines typically found in an information security group along with a list of tools that they usually end up buying. This isn’t a list of things that a CISO should build their program around, but a list of ideas for people entering the security space or looking to broaden their security knowledge. We need people in all disciplines.


Security Disciplines

  1. Security Architecture
  2. Compliance
  3. Forensics
  4. Vendor Assessments
  5. Risk Assessments
  6. Awareness
  7. Governance
  8. Policy
  9. Identity Management
  10. Incident Management
  11. Threat Intelligence
  12. Application Security
  13. Vulnerability Management
  14. Business Continuity/Disaster Recovery



Security Tools

  1. Content Filtering
  2. Antivirus
  3. Malware
  4. Web Application Firewall
  5. Intrusion Prevention/Detection (IPS/IDS)
  6. PKI/Encryption
  7. Data Loss Prevention (DLP)
  8. Single Sign On (SSO)
  9. Multi-Factor Authentication
  10. Log Collection/Aggregation
  11. Static Code
  12. Dynamic Scanning


What do you do with this list? Two things:

  1. Broaden Your Security Knowledge — Whatever your current background in security, start learning areas of security that you aren’t currently working in. Understand how other disciplines work and how other tools fit into the security processes. Especially if you’re early on in your career, expanding your knowledge can be a huge advantage.
  2. Understand How It All Comes Together — While you may be an expert in one area, it’s important to understand the complex puzzle that needs to fit together to make a security organization work. Even if you don’t learn other areas, you should understand how they fit together. If you’re advocating for funding for your program, understand the needs of your peers. They more you can help put the pieces together, the more success you can be.