Challenges faced by a (new) Security Officer.

Many novice and experienced security officers will recognise this: you have done everything you can to learn as much as possible about information security, and you are starting in your role at a new organisation. You set to work in good spirits, because after all, you have the task of saving this organisation from all the evils of the internet. Of course, everyone thinks this is extremely important, and that is why you will be able to make great strides very quickly.

And then there is reality. Information security is very important, but so are the business or other goals of the organisation. Especially for stakeholders who are less familiar with information security, your substantive arguments are difficult to follow and not particularly interesting. Don't let this demotivate you, because despite this minor setback, you can still achieve a great deal by making a few adjustments to your own vision and behaviour. As a company offering Security Officer As A Service, we can promise you this based on our experience. We offer ISO, TISO, ISMSO and CISO services starting from just 4 hours per week.

The tips below will help you and your organisation move forward in a better and more structured way.

  • When you start somewhere new, you will undoubtedly encounter things that are not in order. However, don't immediately rush in and implement all kinds of measures that seem useful to you. Instead, first learn more about the “risk appetite”: what is really important to the organisation and to what extent risks are accepted. Only then can you start mapping out the risks and reducing them structurally.
  • You cannot know everything. Many people think that a security officer is a jack of all trades and therefore has in-depth knowledge in all areas. This is not realistic and, more importantly, it is not necessary to perform your role well. It is much more important that you know where to find the right expertise at the right time. So spend time building your network so that you always know where to turn when you need in-depth information.
  • Write and communicate in plain language. You will often be reporting to people with less technical and/or substantive knowledge than you. It therefore does not always make sense to justify your choices at a very deep level. Keep people interested in your story, while being clear and concise about the risk, consequences and implications of the solution you are proposing.
  • Take your time. You need it to find out what measures, tools and knowledge are available within the organisation. Spend your time gathering this information so that you can use it later to make the right choices for the organisation.
  • Never make important decisions alone. You can use your knowledge to advise the organisation as best you can on the steps it can take. However, it is not up to you to determine what is important for the entire organisation, and it is also important for engagement that you involve your stakeholders in everything that is happening.

Hopefully, this advice will help you get off to a good start in your new role as security officer. If you or your organisation need more knowledge and experience in the field of information security and the role of security officer, PuraSec is happy to assist you!

And if you want to help these organisations with your knowledge in the field of information security, take a look at our vacancies.
