"The cybersecurity landscape changes so quickly that it's already nearly impossible to keep up with the emerging threats without ongoing access to continuing education. You need to make awareness and education of your security talent the linchpin of your overall strategy," says Corey.
Listen to your talent
If you have the talent and you're willing to invest in their education and training, you're on the right track. But those investments won't pay off unless you're also committed to following through on their recommendations, says Mike Ricotta, head of development at Blue Fountain Media and a cybersecurity expert.
Make sure your skilled, certified, experienced security employees aren't needlessly having their work impeded by operational priorities -- because ensuring the security of your organization and its data, not to mention that of its customers, is priority number 1. Even if the expected cost of recourse for a security failure may not outweigh the costs for proactive resolution, the damage to your business's reputation and loss of customer trust can be devastating.
"If your organization is serious about ensuring security, make sure that you give your talent a voice and you take every recommendation seriously, because the one that gets compromised may very well be the one that's exploited," Ricotta says.
Sign up for CIO Asia eNewsletters.