148 Security De-engineering
because the document that describes the regulation is usually publicly
available and anyone can read it. Surely the real challenge of compli-
ance is in the IT challenges faced by security and IT—and the security
skill set required to meet this challenge cannot really be generalized
any more than “security.” A security expert (with some management
guidance) who can speak the language of IT and actually work eec-
tively with other IT departments is the person needed to ll this role.
However, in practice, the candidate who can demonstrate knowledge
of privacy regulations is more likely to get the job as compared with an
analyst who has broad IT and practical security experience.
e same can be said with the Payment ...