From Security Weekly Wiki
Revision as of 19:43, 14 August 2020 by Matt


  • CISOs say new problem solving strategies required - At present, executives are solving a brand new set of problems. Stay-at-home orders and remote work have catalyzed massive organizational shifts. These include:
    • Transitioning infrastructure
    • Rethinking data privacy and storage
    • Reconfiguring budgets
    • Reshaping the internal culture around cyber security
  • Two CISOs Pay $400k for Security, Yet One Spends 10x More. How? - The average organization spends about $7,500 per employee on information technology, with about 5.6% of that spend earmarked for cybersecurity. At these rates, the CISO at a 1,000-employee organization has an average annual infosec budget of $400k, with around $220k spent on reactive measures and $180k spent on proactive measures. As you can tell, an “average” breach, at $4 million, is an order of magnitude more costly than the overall budget for an organization like this. So, if we consider a scenario where one CISO invests heavily in proactive measures, successfully avoiding a major breach, while another invests primarily in reactive measures and ends up cleaning up after a major breach, CISO one ends up spending 10x less overall.
  • How Remote Work is Reshuffling Your Security Priorities and Investments - And the winners are...
    • Identity and access management (IAM)
    • Endpoint detection and response (EDR)
    • Cloud security
    • Mobile device management
    • Data leakage prevention (DLP)
  • How to tackle the IAM challenges of multinational companies - The rapidly changing business, regulatory and IT environment makes IAM a tough nut to crack for large multinationals. To deal with these regulations, multinational companies need a strong IAM that is flexible enough to be strong in some regions, but more relaxed in others. Here are a few recommendations:
    • Shift to as-a-service model
    • IAM as a managed service
    • Define your future Identity Fabric
  • How to make your security team more business savvy - CISOs are finding ways to inject more business skills into their teams through recruitment, training and staffing strategies that broaden workers’ horizons — strategies that they say are paying off with stronger security and better aligned risk management. Here's how:
    • Lead by example
    • Create opportunities for more cross-function experiences
    • Hire broader-minded talent
    • Cultivate a business mindset in staff members
  • How to Prepare for a Difficult Conversation You Can’t Have in Person - Here are four ways business owners and leaders can prepare for tough conversations with greater intention and reflection, especially when they can’t have them face to face.
    • Define your desired outcome.
    • Anticipate what will be seen and said.
    • Script before you speak.
    • Make sure to vent first.
  • Security Jobs With a Future -- And Ones on the Way Out - Some titles are hot, while others are not, amid rapidly shifting business priorities. Here's the list...
    • HOT
      • Data Scientist/Security Analyst
      • The DevSecOps Security Engineer
      • Security Architect
      • Cloud Roles
      • Governance and Compliance Roles
    • NOT
      • Security Operations Center Analyst
      • Traditional Security Engineer
      • Hardware Engineer
      • Data Center Security Manager