This older post peeked our interest and we couldn’t resist to help everyone out by providing a few good tips. If you read or plan to read the article, link at the bottom, then you will find out that the article does a good job bringing everyone up to speed on the controversies surrounding the elimination of the Dod’s Cybersecurity coordinator position but we believe the problem is a little bigger than a lack of a “Cybersecurity Coordinator” position.
So let’s do work and dive in!
Not having a cyber leader at any level is indeed a “a step in the wrong direction”. We see this in the DoD and other communities that our clients are in. However, the issue is way bigger than this!
Just mentioning the words cybersecurity and coordinator leaves us puzzled. We don’t even know what a person with that title would do… and we have been doing this for over 20 years.
If we’re serious about change then let’s start by being honest with ourselves and the Cyber Domain.
Most cyber experts know that cybersecurity “coordinator” is not a real position…we understand what cybersecurity is and what the word coordinator means but those two words together sounds like a glorified middleman that won’t understand the Cyber domain.
If you want to fix cyber problems then let’s start by hiring some real cyber experts…nowadays these come in the form of Chief Information Security Officers (CISOs) and even better Security Architects. Look around and see how many organizations have any of those Cyber leadership positions in their organization. Most tend to also get this wrong by combing a Chief Information Officer (CIO) with a CISO.
Cyber leaders are a mere fraction of the overall equation that should be analyzed when trying to understand what’s really broken within your Cyber world. We understand that having a bad cyber leader sucks but you know what sucks even more…having a bad cyber program and business!
Cyber programs are everything; they are a self-contained business.
You may be wondering, what is a cyber program? Before we move on, let us tell you what it means to us. A cyber program is a collection of people, processes and technologies that revolve around a common goal; done! Pretty simple right.
Just imagine if you were in the pizza delivery business. The common goal is to make and sell pizzas. One would have all the people, processes and technologies in place to make this happen. The business owner who master this and comes up with the perfect combination of the three, wins.
So why not just call each program a business then…well here’s the twist. Within the cyber domain there is a one to many relationship with businesses and programs. There is often a single business which encompasses many cyber programs and there are also businesses that specialize in just one (1), single, cyber program. However, we are always in concert with focusing on one thing and being great at that.
Nowadays, Cyber consultants tend to make Cyber businesses that try to deliver many, if not all, Cyber programs. Don’t get us wrong, some of these companies are successful and have “big names” in the industry but most of those companies end up hitting a ceiling, becoming inefficient and delivering shitty value.
To further make the synapses fire, some cyber programs that you may be familiar with are called, Penetration Testing, Vulnerability Assessment, Auditing, Risk Management, Information Assurance, Software Assurance, Incident Handling, Intrusion Detection, Security Engineering, and many others.
So if someone was truly interested in adding Cyber value by identifying what makes the U.S. vulnerable to cyber attacks then they should start by understanding what cyber programs the U.S. has in place to prevent these vulnerabilities and holistically looking at those. We guarantee most of them need help.
Therefore, looking at a cyber program as a whole allows the entire equation to be considered and provides the best Return On Investment (ROI) for you and your business. As we tell many of our clients, treat each cyber program as a business and you will never go wrong! Well…unless you suck at business… but even with that mindset, you will still be far ahead of those that don’t.
And did we mention, this works! Based on our experience, operating strictly in the Cyber Domain for over 20 years, we hand-built and transformed over 20 cyber programs. And these cyber programs are still in operation!
If you need help building, improving or transforming your cyber program(s) then click the link below to setup a free consultation with CyberBlueprints.com and also receive a free case study.
Article Title: Trump’s lack of cyber leader may make U.S. vulnerable.