Cyber Advisers

Cyber Advisers helps small and medium-sized organizations build advanced risk management capabilities by leveraging "Cyber-Security as a Service".

09/26/2023

Five dysfunctions in Cybersecurity – Report from the trenches.
Of late, I have been doing a lot of hands-on cybersecurity work in the trenches. I have gained a renewed appreciation for the need to use appropriate metrics to prevent efforts from resulting in dysfunctional controls.
1. Dysfunctional Governance: Cybersecurity governance, in its essence, should clearly delineate “who makes what decision”. Instead of Security SMEs, decisions are often made by managers who are influenced by competing factors. Remember Trump vs. Fauci.
2. Dysfunctional Budget: A minimum of 1% of revenue should be allotted to security, privacy, compliance, and cyber insurance. It is the cost of doing business in a digital hyper-connected space. For reference, NATO recommends 2% of GDP on defense expenditure.
3. Dysfunctional Structure: Security leadership reporting to the Infrastructure Teams. This is often done in the name of streamlining and productivity. The two teams have conflicting objectives; because of this action, the fiduciary responsibility of the cybersecurity team is severely muted.
4. Dysfunctional Accountability: Securing sensitive and confidential information should be a full-time responsibility for any organization. Giving another leader the responsibility of securing the organization as an add-on responsibility is naive. Direct reports to the CIO are often willing to wear multiple hats to transition into the CISO role. If a leader is interested in taking responsibility for cybersecurity, the practical solution is to have them relinquish all other duties and transfer them into the security role.
5. Counter-intuitive Security Classification: For instance, tagging contractors or admins as a security control mechanism is counterintuitive. There is no correlation between insider threat and type of workforce. Inadvertently, you violate the zero-trust principle and send the wrong signal by implying that some are equal among equals.

11/30/2018

My first book on Amazon KDP.

Address


2612 Painted Rock Drive
San Jose, CA
95051

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm