About that Cybersecurity Life
Cybersecurity leaders CAN sleep at night, but we cannot rest. This does NOT mean accepting burnout or overwork – but creating a culture of continuous learning, improvement, and testing.
If you want to lead a security transformation, elegance is a virtue to keep in mind. This does not mean overly permissive policies. Elegance is nimble – but strong and controlled as well – and our security stacks should be the same.
Misconfiguration should be the scariest word a CISO can hear. Continuous security testing is probably our best bet to find and remediate both human-error and latent vulnerabilities that may exist in any organization.
Can the cybersecurity industry learn lessons from the sustainability movement? Can public commitments to good cybersecurity citizenship impact decision making throughout an organization – and reduce our shared long-term risks?
Despite how prepared we were from a cybersecurity perspective, the last few months have been exhausting. For those who suddenly shifted to fully remote work, the loss of Twilight Time – those hours where we could mentally transition between work and home life – has been stark. But in a field that would demand 24 hours of our day, cybersecurity leaders have to be as intentional and proactive about our time as we are about security strategies.
As senior members of the Executive team, CISOs have political influence – of course collectively in our professional associations – but also across the organizations and industries where we work. We are responsible for the information assets of huge cohorts of stakeholders across industries – and have a meaningful role to play in the public discourse. If we leave advocacy primarily to our vendors and partners or “big tech”, we risk common sense safeguards becoming partisan issues.
Breach and Attack Simulation is a force multiplier. Continuous and automated security testing not only makes our infrastructure more resilient, it directly addresses the one group that – after our adversaries – concerns me most … ourselves.
Security Awareness programs focus on training employees to protect corporate information and systems. We are asking staff to put on a “cybersecurity hat” at work – which we don’t care if they remove the moment they leave the office. To have real behavior change, cybersecurity awareness needs to be an authentic part of employees’ lives. CISOs should be advocating “whole life” cybersecurity to really engage staff and reduce risk.
Caught between many opposing forces and priorities, there is an under-served conversation around best practices for the everyday CISO.