---
title: "IT is not going to fix your security problem"
language: en

proposition: advisory

series-id: s01
series-title: "Security as an organisational challenge"
series-part: 1

audience:
  - leadership

channels:
  - linkedin
linkedin-account: personal

content-type:
  - post

status: published

publish-dates:
  linkedin: 2026-05-13T17:30:00Z

published-urls:
  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-activity-7460380869439016960-G-7x"

notetype: publication
isotags: []
tags: []
---

`Posted on 13 May 2026 19:30 CEST to LinkedIn personal stream`
# IT is not going to fix your security problem

IT is not going to fix your security.

Not because they don't want to. Not because they lack technical skills. But because essential parts of information security are out of scope for the IT department.

Here's what I see in practice:.
- A website developer temporarily shares admin rights with an external consultant to troubleshoot an integration.
- The account of the maintenance engineer that left the company last year is still being used. 
- A sales agent in Brazil gets full access to the company's CRM, despite operating under a different legal framework.

Examples of non-trivial information security risks arising in day-to-day operations. They cannot be fixed by technical solutions. Why? Because they're management issues, not IT problems.

Still, for most business initiatives the responsibility for information security is dumped on IT after the fact – like asking a constructor to oversee a renovation, while you're tearing down a load-bearing wall.

Information won't be secure until senior senior leadership starts managing risks, by asking the right questions before decisions are made.

Which questions are not being asked in your organization?


— Security as an organizational challenge — post 1/3

**#managingsecurity**