CIOReview
CIOREVIEW >> Agtech >>

Keys To Reaching The Peak Of A Cyber Security Program Journey

Christine Vanderpool, VP IT Security & CISO, Florida Crystals
Christine Vanderpool, VP IT Security & CISO, Florida Crystals

Christine Vanderpool, VP IT Security & CISO, Florida Crystals

Imagine you are on a hike in the woods. Maybe it is a path you have taken before, or maybe it is brand new. Regardless, upon undertaking the journey, one thing is clear. You must be prepared. Prepared for a storm, prepared for detours and closures, prepared for attacks and overall prepared for the unknown. Take a moment to place yourself in that situation under multiple adverse conditions and add another aspect to the circumstances, you are now also lost.

This scenario should feel familiar to all Chief Information Security Officers who are building a cyber program for the first or even the fifth time. We have all been on a journey or path that we were prepared for knowing full well of the unexpected that may and will most likely occur. We have also all had a moment where we felt lost. So how can we be ready, really ready to take the journey? The key is overcoming the feeling of being lost is to remember the essentials.

When building your program, if you begin to realize you may be lost, the key is to stop, stay calm and remember that panic is your greatest enemy. The next step is to think. Take a moment to think about where you are and where you want to go. Do not proceed until you know what step to take next. Thirdly, observe your situation. Look for familiar cues or clues that will guide you back to your original path. Lastly, determine a plan. Based on your thinking and observations, determine a plan or if you had a plan that did not go accordingly, rework it. Think through the options and then act accordingly.

 When building your program, if you begin to realize you may be lost, the key is to stop, stay calm and remember that panic is your greatest enemy 

To have a plan that can be actioned on successfully, have your essentials handy. First, you will need the fuel to feed the plan just as you would need plenty of food and water if lost on a journey. This means capital and ongoing operating budget. Understand your capital both human and financial. Many CISOs struggle in this area. They have difficultly building a successful business case that is fit for purpose and aligns with the larger strategy including financial guardrails. I highly suggest anyone building a cyber program identify all current security costs and look for areas to repurpose those operating expense funds to services and tools that provide stronger coverage and potentially even a return on the investment.

Next, you need your map. A map provides the guidance and path forward to help you from staying lost or even getting lost from the start. I prefer using a framework or standard that is already tried and true. I personally have based my programs on the NIST framework. The ideas of building coverage in the five areas of identify, protect, detect, respond and recover helps outline a perfect map for a program that you can easily continue to mature and develop over time.

A journey would not be complete without a compass as well to help you determine which way to head to next. For my compass, I like to use a condensed version of the Lockheed Martin Cyber Kill Chain. Just like a compass, north is always north, south is always south, west is always west and east is always east. Cyberattacks always happen in the same manner. If you focus on reconnaissance, infiltration, lateral movement and exfiltration or objective, you can find your way around your cyber program and identify which direction is the best direction at that movement to focus on or more forward against.

Lastly, never forget your essential tools. In order to be fully prepared for whatever journey you embark on taking into account you never know what could happen along the way, focus on the fundamental tools. You need your sturdy boots, clothes for all weather conditions, a blanket, flashlight, water bottle and anything else that will help you survive if needed. Start with the “known” or basic essentials for your program and build on it over time. A strong endpoint tool, a monitoring tool like SIEM, a good incident response plan, strong policies, good end user education, a solid identity strategy and basic provisioning tools are all solid essentials to have in your survival kit.

The final key to not getting lost on your journey to build a great cyber program is once you have the plan, don’t forget to communicate it well and make sure key stakeholders understand your path and take others along with you. Give them the right level of details of where you are going, what path or map you are following, what essentials you have at your ready and ultimately the timeline and end goal of the hike. Remember that along the way, if you do get lost at any time, the most important tool you have is keeping a positive attitude.

Read Also

Balancing Innovation and Standardization

Balancing Innovation and Standardization

Matt Kuhn, PhD, Chief Technology Officer, Innovative Technology Services, Thompson School District
Leveraging Quality Engineering and DevOps to thrive in the face of churning customer expectations

Leveraging Quality Engineering and DevOps to thrive in the face of...

Michelle DeCarlo, senior vice president, enterprise delivery practices, Lincoln Financial Group
Pioneering the Future Through Technology Innovation

Pioneering the Future Through Technology Innovation

Eric Kunnen, Senior Director, IT Innovation and Research, Information Technology, Grand Valley State University
Reimagine Naval Power

Reimagine Naval Power

Lorin Selby, Chief of Naval Research, Office of Naval Research
The Shifting Enterprise Operating System Ecosystem Is Helping Warehouse Operations Evolve

The Shifting Enterprise Operating System Ecosystem Is Helping...

Tom Lee, Director Sales Engineering, Zebra Technologies
Digital TRANSFORMATION: Challenge the Status Quo, Be Disruptive.

Digital TRANSFORMATION: Challenge the Status Quo, Be Disruptive.

Michael Shanno, Head of Digital Transformation, Global Quality, Sanofi