About that Cybersecurity Life
Cybersecurity leaders CAN sleep at night, but we cannot rest. This does NOT mean accepting burnout or overwork – but creating a culture of continuous learning, improvement, and testing.
Cybersecurity leaders CAN sleep at night, but we cannot rest. This does NOT mean accepting burnout or overwork – but creating a culture of continuous learning, improvement, and testing.
Misconfiguration should the scariest word a CISO can hear. Continuous security testing is probably our best bet to find and remediate both human-error and latent vulnerabilities that may exist in any organization.
Can the cybersecurity industry learn lessons from the sustainability movement? Can public commitments to good cybersecurity citizenship impact decision making throughout an organization – and reduce our shared long-term risks?
Cybersecurity leaders need to prioritize strategy – not just policies and procedures. Strategy defines our plan of action – what stakeholders are relying on us to create, want to understand and need to support.
Effective cybersecurity reporting has to be presented as the answers to the questions and concerns of our executive stakeholders and peers. We cannot start with the universe of data we possess, and then try to work backwards to a meaningful or consumable dashboard – that is looking through the wrong end of the risk telescope.
Breach and Attack Simulation is a force multiplier. Continuous and automated security testing not only makes our infrastructure more resilient, it directly addresses the one group that – after our adversaries – concerns me most … ourselves.