Listening to and Solving InfoSec Industry Challenges

Ever met an information security expert who thought they knew it all? Ever been frustrated when you try to explain something to a security expert and you feel like you haven’t been heard? Let’s change this.

Our mission at FRSecure is to fix the broken infosec industry. The fulfillment of this mission is going to be much harder if we don’t stop and listen to our customers.

At FRSecure, we have established the FRSecure Customer Advisory Board (CAB) to help us with this problem. We are privileged to work with a handful of great people on the FRSecure CAB. They tell us what we do well and they tell us what they want us to do better. It’s a great experience!

In our most recent CAB meeting, I posed the following two questions to our members:

  1. What is your greatest frustration with respect to information security?
  2. What is your greatest challenge with respect to information security?

I asked each CAB member to write down their answers, then we discussed them as a group.

Greatest Frustrations in the InfoSec Industry

The greatest security issues shared by our CAB members included:

All of the common frustrations were shared by all of the CAB members. Through discussion and good healthy debate, we derived a core frustration that sums up everything: we are all speaking different languages for the same topic.

Greatest Challenges in the InfoSec Industry

The greatest challenges shared by our CAB members included:

  • Education/training for executives, IT personnel, security teams, and users.
  • Management commitment to continuous improvement.
  • Obtaining the necessary resources for security management.
  • Measuring information security (metrics, status, improvements, etc.)
  • Cyber insurance: Risk understanding and risk management.

There are so many moving parts to an information security program, and it’s difficult for our customers to figure out the next thing they should be working on.  Instead of using risk (and measurement) to determine what to do, they are using what outside entities (regulators, examiners, customers, etc.) are telling them to do. This challenge is closely related to the frustration problem, but it also became clear that customers don’t necessarily know how to fix security problems when told that they need to.

Members of the CAB agreed that the greatest frustrations could be summed up as follows: we don’t know how to fix the issues facing us within the greater context of a strategic information security program.

What FRSecure is doing

So what is FRSecure doing about all of this?  If FRSecure is committed to fixing the broken infosec industry, we can’t shy away from our customers’ greatest frustrations and challenges. We are committed to solving these problems.

Problem #1 – We are speaking different languages.

At the core of the FRSecure business are information security risk assessments. We use an easy-to-understand information security assessment methodology that gets people speaking the same language internally (with executives, directors, management, and all users) and externally (with other information security professionals, partners, customers, regulators, etc.). The methodology is comprehensive, credible, and effective.

All of our other services can be incorporated into an information security risk assessment, and the deliverables for all other services must be designed to help solve problem #1 rather than contribute to it.

Problem #2 – We don’t know how to fix our problems when we’re told about them.

There are primarily three things that we’re doing to fix problem #2:

  1. We teach in every engagement we have with customers. It’s not good enough to tell customers how to minimize security threats—we take the time to explain and show it.
  2. We teach anyone who’s interested. We do this through speaking engagements, blog posts, newsletters, podcasts, videos, and the FRSecure Mentor Program.
  3. We are building tools for our customers to use to improve their data protection.


We will keep listening to our customers, and we will keep learning.  Remember these two problems; they are at the core of everything we do.  Thank you for sharing with us!


Evan Francen
CEO at FRSecure
Nickname: "The Truth"

I am a 25+ year information security veteran, and I tell it like I see it. I’m not known for being politically correct, and this sometimes gets me into trouble. More often than not, however, clients and colleagues come to appreciate the candor and common sense approach. If you look at security (the right way), you’ll find that it’s just not as complicated as people make it. I hope you enjoy my writings on security and other miscellaneous things. I really have a strong and deep passion for helping people and making the world a better place.

Check out my new book UNSECURITY
