Thursday, October 17, 2019

Striving Towards Cyber Mediocrity


The best description I’ve heard of cyber security comes from a recent Forbes magazine article. That article describes cyber security as having to defend your house in a bad neighborhood without being able to lock the front door.



The cyber security industry provides us with a cornucopia of products and services upon which we spend tons of money and yet the house is still regularly robbed and often burned completely to the ground. And then we repeat the process expecting different results.

We are in a race towards mediocrity. Strangely, we may be striving for it.


We’ve raised the job entry bar on certifications that don’t account for critical thinking.

Staff know frameworks but don't know how malware works or how to stop it.


We don’t manage or train cyber security staff well, out of fear that they’ll leave.


We foster the idea that being “industry average” is some sort of cyber high ground. 
 
But the goal of a cyber program should not be mediocrity.

It should be to facilitate the organization's strategic goals by protecting reputations, building trust, and preventing unauthorized disclosure of information. Being mediocre makes that hard to do.
My evidence is the number of organizations that are breached each day.

And yet, we continue to follow the same approaches as those breached organizations and call it best practice.

It’s easy to say that the model for cyber security has to change. 

The much harder decision is to own that change as cyber leaders. 

And then, lead to find a better way.

Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on Twitter or LinkedIn and I'll read it.
