When faced with new developments or major changes, it is all too easy for security industry professionals to react by trying to hold off the change due to the threats it entails.
This is something Tieto Oyj’s Chief Security Officer and Security Director of the Year 2019 Jari Pirhonen believes can be problematic.
“The world is changing and technology is not going to wait around. Professionals in the security sector must be able to keep up with change and accept that, for example, when technology changes risks will increase, and security solutions may not necessarily be available,” states Pirhonen.
If you do not take a proactive approach, you will subsequently find it difficult to communicate about the risk and advise others."
Being in a state of constant change, the ability to tolerate risks, acceptance of a lack of security, permitting failures, and a greater degree of openness do not come naturally to everyone in the security industry.
It is here that Pirhonen believes there are plenty of lessons to be learned.
“We should be proactive, thinking about how change can be utilized from a security perspective. If you do not take a proactive approach, you will subsequently find it difficult to communicate about the risk and advise others.”
These days, security directors also need a greater understanding of the business as a whole and human behavior. Networking, and in particular continuous professional development are vital when it comes to keeping up with the pace of development. According to Pirhonen, this requires some effort, even for the keenest of us, and a willingness to spend some time outside working hours keeping our knowledge and skills fresh.
Pirhonen himself has devoted time to studying behavioral sciences and psychology.
“You need to understand that people will make mistakes whatever the situation. They’re not calculating machines, constantly assessing risks, instead they work based on intuition,” explains Pirhonen.
“The role of security director is more than ever about business understanding, employee motivation, communication, and working out how we can simplify a complex world and communicate about potential risks with common sense.”
A sector in need of diversity
In his own words, Pirhonen’s career path into the sector involved a degree of chance.
In the early 1980s he was studying computer sciences at the University of Joensuu, whilst doing a spot of work in the programming sector on the side. After graduation he worked as a trainer of software developers at Kuopio vocational institute.
In 1989 he moved from Kuopio to Helsinki to work at Hewlett-Packard, where he worked as an IT-professional, consultant, trainer and education center manager for eight years. Then, in the 1990s, along came information security.
Pirhonen made the leap from HP to a 15-person start-up, where he worked for seven years, until a headhunter called and asked if he was interested in the role of security director at ICT firm Samlink.
People from a communications background could bring a lot to this industry, for example."
Pirhonen has been working for his current employer, Tieto Oyj, for 2.5 years now.
In a changing world, Pirhonen believes that the security sector requires a more diverse skillset.
In practice, however, those entering the industry are still very homogenous and from similar backgrounds.
This is something Pirhonen feels must change. People from a communications background could bring a lot to this industry, for example. This is something that should be considered in recruitment in particular, as well as in how the sector could be made more attractive to people from different backgrounds.
“If we want to see development in our sector, we must diversify it. Throwing more new perspectives into the mix, especially in the business world, is key,” states Pirhonen.
In Aalto PRO's Turvallisuusjohdon koulutusohjelma – TJK program, is a comprehensive program that helps the participants understand security as a whole and grasp various aspects of managing security sub-areas. Graduates will become part of a network of over 500 security experts and managers who have undergone the same program. The program is also valued in the security sector recruitment. Read more about the program.