Cultivating Experience in Security

Show Notes

• The number one reason why cyber security programs fail is the business is misaligned or completely missing cyber security strategy.
• How much you spend on cyber security does not reflect the level of your protection, it is how and what you focus on and the expertise it is executed with.
• The amount others spend does not inform your comparative protection with others’ level of protection. – Gartner 2021 (Benchmarking is not a good comparison)
• Get a real cyber security pro who is ruthlessly focused on the business’s success, and protection, IT, compliance, and privacy will follow as a byproduct.
• Do not expect IT to solve this issue, Cyber is a business issue and must be located there to effectively develop the right strategy.
• Cast out all turf, sacred cows, and organizational limits – align cyber priorities directly with business decisions and priorities – in the same breath as a major business decision, the cyber risk issues should be a strategic component.
• The right advisor can cut through the noise, get rid of the IT speak, and align your security strategy directly to the business – it's business expertise combined with cyber security understanding that creates the right strategic thinking and advice.
• The board’s role should focus on strategic goals, to do this, they need to have clarity on the investment worth crown jewels of the company and the realistic threats against them.
• Hackers love budget restrictions, project delays, and other business decisions that make it easy for them to hack you. Your strategy needs to be dynamic and support daily decision-making on changing risk issues.