Security isn't just a tech issue. If you go into thinking your gear is your security program, you're leaving yourself open to hurt. Tech toys can't solve all security problems.
A lot of the obvious problems can be mitigated with simple configurations and preventative controls.
You need to consider the following:
- Communication across all employees
- Risk analysis beyond the management of traditional insurance or even project management
- There's also a level of risk acceptance, including straight up ignoring it
- Frameworks (like NIST CSF or Microsoft Operation Framework), data regulation, or compliance issues
Think beyond the hacking and administering part of information security. You can have strategic plans with
- Information security management
- Information security consulting
- Information security analytics
- Disaster planning and recovery
Don't look for a one-size-fits all solution to solve all security problems. You can however, go a long way involving your people.