I absolutely love the fact that information assurance and security is such a hot topic. It makes me ecstatic to know that an area so critical to organizations in nearly every sector is becoming a more top-of-mind conversation. People are consuming content, going to conferences and getting inspired to take action.
But the truth is, what we truly need to do is work together to leave an impact. I want the legacy of our hard work and these thought-provoking conversations to inspire all of us to come together to shift the paradigm, making us proactive instead of reactive. I want to kick our collective butts into gear and create a community that can collaborate, share information and actively execute on it.
I can understand why many security professionals often experience intense frustration and feel overwhelmed when talking about all that needs to be done to be successful in today’s “cyber world.” Between organizing and executing user training; creating robust security policies; and investing in the right technology, the security professional’s ‘to do’ list seems to always be growing. There are so many of us out there with the same exact questions and challenges, such as:
- How do we elevate the CISO to become a business solution provider?
- How do we build a pervasive security culture?
- How do we keep a pulse on our internal security measures, which are just as important as protecting against external threats?
- How do we refine our skills to detect and manage cyber incidents?
- How do we develop a forward-looking risk mitigation program and integrated threat intelligence capabilities which are necessary for a strong cyber defense?
These challenges could go on for pages… and so many times we get the same answers: Buy this platform, install that point solution, collect this data, buy these flashing lights, etc.
The problem with these answers is that security-focused culture consists of far more than a point solution or a set of “flashing lights.” Relying on just those few answers forces us into a self-fulfilling prophecy of neglect and failure when we are faced with challenges like lack of funding, organizational support or available talent.
A true security culture is only created through continuing effort and an ongoing journey. It is a marathon and not a sprint, a race that should always be focused on business solutions, rather than just the narrow problems in front of us. The phrases “We can’t” and “The way it has always been” are no longer options in today’s business-centric cyber world.
Instead, we need to be creative, think outside the box and move conversations forward using language like, “If there is no budget, let’s talk about open source communities and solutions,” or “If there is a talent shortage, let’s talk about partnering to build programs to shape that talent.” And if we are faced with the reality that we can’t afford the flashing lights, let’s get back to basics like:
- Taking advantage of quick wins like properly deploying aggressive cyber hygiene and concentrating on hardening our systems
- Researching who is interested in our data
- Focusing on where our data lives and how to protect it
- Sanitizing our business’s online profiles
- Concentrating on ourselves and our people!
I firmly believe that simply discussing problems in a circle and complaining are defense mechanisms—it’s easy and unproductive. Instead, let’s talk about building a community, discussing the art of executing and being proactive, even though it can and will be demanding.
Simply reading this post will not raise your security game. But if we organize, collaborate, share ideas and solve issues together, we will have collectively constructed a community that proactively builds cyber business solutions.
Now tell me: What are WE going to do about it?