IT Security is Global, So Let's Start Treating it that Way: Interview with Softtek's Security Ace

 The Internet is global.  In order to do business today, executives have to interact with global partners and customers. But, despite these realities, there remains a lot of trepidation among CIOs about the ability to manage information security in a global scope.

One person who knows a lot about the realities of maintaining robust security practices worldwide is Leonel Navarro Segura, Business Information Security Leader at Softtek’s global delivery center in Aguascalientes.

In our recent interview with Leo, he helped clarify what strategies need to be employed to meet today’s security requirements and also the types of concerns he hears from customers and finally – the challenges of contracting top talent.

What is your main role at Softtek? It sounds from your background as if you´re sort of supporting internal IT in terms of information security.

My main focus is actually more on supporting our sales force who promote  the information security services we have, so we can identify opportunities and work more efficiently with customers.  I am also responsible for setting up security projects and  I'm also in charge of building the teams that will  lead specific service channels.

When you deal with CISOs (chief information security officers) what are some of the big concerns that are coming up from your customer base?

There is a huge demand for information security services and sometimes finding the right resources takes a lot of time. Customers want to drive efficiency in their information security practices, and they want a cost-effective model.

What specific information security services are your customers looking for?

The current focus is on security testing because we know there are a lot of different vendors out there offering all kinds of products.

One of the things we have noticed is that when customers are looking for more advanced ways to do security testing - they come to us.

Security testing: why has it become so critical? What are the big fears out there for your customers?

We all saw last year the Wiki leaks scandal  and the risks of wrongdoers obtaining and possibly altering information and data and making it public. The concern many organizations have is that information put on the Internet has been properly tested. That is one of the fears I see from one side.

From the other side, there are regulations coming in that require applications to be tested, especially in financial services.  I see both as drivers behind the need for better testing pratices.

Some CIOs have concerns about data protection laws in Latin America, does that ever come up? How safe is it to send my data to Costa Rica or Mexico, for example?

I´ve seen that. There are two different schools of thoughts. Some are very open and are willing to drive down the cost and take advantage of the talent that exist in emerging countries.

Others are just not that open to exploring  this avenue. They don't want to work with groups outside the United States in meeting security requirements. It really depends on the type of organization that we are dealing with and the specific requirements they  set forth.

Is it difficult in these different GDCs to find talent that is very strong in IT security?

It is getting very tough. In the Mexican market it is challenging because there are a lot of different companies being established that are trying to provide business-driven security services. That usually causes high demand and definitely the cost associated to bring in strong candidate is high. But it depends on the specific domain the customer is looking for.

In Softtek we have a strong platform (training program) which we call "Softtek University." So when things get complicated we leverage  the experience of the most senior people we have and we orchestrate training so that we can provide that knowledge to new people.

Is it challenging to work in IT security?

Yes. Technology is moving very fast. There is no silver bullet to the information security challenge. Each organization has its own needs and requirements. We don't have one solution for all our clients. We really need to understand their security requirements and tailor our services to really be effective. It is a challenge every day.