While enterprises rebuild or upgrade their security programs, they must guard against over emphasizing technology investments while neglecting staffing issues, says Ben Johnson, chief security strategist at Carbon Black, which specializes in endpoint security.

"Instead of looking at a whole bunch of different technologies and trying to fill gaps, it's [important to first look] at your security team and make sure it has the right abilities to do things like good detection, response and prevention," Johnson says in an interview with Information Security Media Group at the 2016 RSA Conference Asia Pacific & Japan in Singapore.

Key skills often lacking on security staffs, Johnson says, include: the ability to use a variety of tools to defend a wide range of systems and the ability to adapt quickly to changing threats, he says. Also, information security leaders must set a vision, allow for creativity and use an engineering mindset, he stresses.

"It is a fact that most organizations have been unsuccessful in exploiting their existing resources to the full potential," he adds. Plus, CISOs need to "use different aspects of technology to enhance the team's capabilities," he says.

In the interview (see audio player below photo), Johnson offers insights on how practitioners can do more with less in securing their environment with a comprehensive strategy. He also discusses:

Creating an appropriate security posture; Building security leadership; Building a layered approach to security; Dealing with insider threats; and Building support for security in all departments to create a culture of security.

Johnson is co-founder and chief security strategist at Carbon Black. In his role, he discusses cybersecurity strategies with businesses and works on innovation efforts focusing on openness and API capabilities. Previously, he spent several years working in U.S. Intelligence, first at the National Security Agency and then as a defense contractor.