Thursday, September 5, 2019

How Cyber Security Works


There are always too many things in cyber security. However, one thing of which there isn’t enough is curiosity. 




Lots of frameworks. Process. Playbooks. 


Too little curiosity in the details of cyber security. 


Too little curiosity of how malware works, because researchers do that.


Or how systems connect, because that’s what the systems engineers do.


Or what the heck is going on behind that console, because the vendor owns that.


Or how APIs function, because developers own that. 


Or how to determine residual risk, because the risk team does that. 


Or how to improve communications, because the CISO owns that.


Or what AI/machine learning/blockchain means to securing your enterprise, because no one actually understands that.

The expertise has moved from the security practitioner to the framework, process, and playbook.  So, the barrier to entry of expertise has been lowered.

But the need for curiosity in cyber security hasn't been lowered.


Now, don’t get me wrong – someone needs to operationalize the frameworks, processes, and framework. And that someone is the security team. 


But only the best few security practitioners know how cyber security works. The curious few. 


Those who want to understand what they have to protect.


And don’t abstract the details away to frameworks, process, or playbooks.


Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.


SEE ALSO


Knowing If You Have The Right Cyber Leader

The Biggest Threat To Cyber Security 

A Legacy Infrastructure Security Swan Song


Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)