If you are the CISO of a mid-sized enterprise, end that zoom call and take a step back.
You probably spent 60+ hrs in Zoom meetings this week.
Your team has been working really hard over the last few months dealing with the change to a work-from-home workforce. Lots of sweat (and hopefully no blood). But, you are still 1 click away from a major breach, and your company’s attack surface continues to grow.
If reading this makes you uncomfortable, perhaps it is time to reserve some team cycles to “changing the business” as opposed to “running the business.” This is the only way you will make progress on that strategic infosec roadmap you promised your board and senior management earlier this year.
Getting Started
Getting started is pretty straightforward: you need to invest in continuous cybersecurity visibility and risk-based analytics:
- Hire (or re-purpose) one person on your team to become your “chief data officer”
- Deploy a tool like Balbix
- Create a map between network/endpoint vulnerabilities and risk owners
- Use the data-driven risk-based prioritization across all aspects of your security program: vulnerability management, protective tools, incidence response, and your…
