About that Cybersecurity Life
Cybersecurity leaders CAN sleep at night, but we cannot rest. This does NOT mean accepting burnout or overwork – but creating a culture of continuous learning, improvement, and testing.
If you want to lead a security transformation, elegance is a virtue to keep in mind. This does not mean overly permissive policies. Elegance is nimble – but strong and controlled as well – and our security stacks should be the same.
Misconfiguration should be the scariest word a CISO can hear. Continuous security testing is probably our best bet to find and remediate both human error and latent vulnerabilities that may exist in any organization.
Cybersecurity enforcement policies should adopt the elegance of microservices design. Not focusing on how to implement our tools efficiently is an industry failure and a risk to our organizations.
By breaking my own rules, I proved I was right about Entitlement Based Policies – especially when it comes to IAM and user provisioning.
Can the cybersecurity industry learn lessons from the sustainability movement? Can public commitments to good cybersecurity citizenship impact decision making throughout an organization – and reduce our shared long-term risks?
EDR deployments are often undermined by policy sprawl – too many policies that conflict or are unclear. Moving to an Enforcement Based Policy model can not only simplify deployments but also put the focus back on the security posture of the organization – not its dynamic structure.
Cybersecurity leaders need to prioritize strategy – not just policies and procedures. Strategy defines our plan of action – what stakeholders are relying on us to create, want to understand and need to support.
Effective cybersecurity reporting has to be presented as the answers to the questions and concerns of our executive stakeholders and peers. We cannot start with the universe of data we possess, and then try to work backwards to a meaningful or consumable dashboard – that is looking through the wrong end of the risk telescope.
Despite how prepared we were from a cybersecurity perspective, the last few months have been exhausting. For those who suddenly shifted to fully remote work, the loss of Twilight Time – those hours where we could mentally transition between work and home life – has been stark. But in a field that would demand 24 hours of our day, cybersecurity leaders have to be as intentional and proactive about our time as we are about security strategies.