Skip to content

A True Paradigm Shift in Security Management

“Cyber Security 1.0” was vulnerability based, and has what I would argue limited and decreasing levels of success as public breaches continue at a record pace even though IT and IT security spending continues to be an increasing leadership and spending priority. The problem as I see it is that, at least in North America, we have always bench-marked our security programs, our risk assessments, and our solution designs against regulations and whatever we thought were “best practices.”

As pointed out to me by my security intelligence colleagues, absent adversary insight, our strategies focus our work hunting vulnerabilities within our own environment, which in many cases today have already been exploited. This ‘close the barn door after the horse is already out’ approach leaves us in a reactive only management position which is well known to be expensive and ineffective from a risk management perspective.

“Cyber Security 2.0” must better manage our environment in light of the adversary's capabilities and attack methods. That means defining our security management, priorities and methodologies in terms of the ‘real’ threat in terms of the people who would seek to do our organization’s harm, rob our shareholder value, and damage the organization’s brand. Doing this requires a new approach that is responsive to changing marketing conditions and a program that can defend against the “new normal” of increased threat pace and adversary capabilities.

Dave Tyson

Dave Tyson is the Managing Partner of CISO Insights Cyber Security Risk Advisory. Tyson has served as CISO and security leader at organizations including SC Johnson, Nike, PG&E, eBay, and as chairman and president of ASIS. Contact:, (408) 464-5310.

Leave a Comment

Ready to Get Started?

Click on the button below to take the first step towards securing your organization against cyber security threats.

Preparation for Next Crisis

Top 10 Ways to be Better Prepared for the Next Crisis

Dave Tyson | Posted in Risk Management

If we can say nothing else about this crisis, it has been a paradigm shifting moment for most of us. Just about everything we thought we knew about what “normal” life is, has been disrupted and tested for strength. In many cases we have embraced the be…

Read more

Looking Forward

Dave Tyson | Posted in Risk Management

The news for security from the 2020 World Economic Forum Risks Report is really a simple as it gets, the 4th industrial revolution (4IR) is upon us, and the opportunities and benefits for the world are amazing and here to stay. The report indicates tha…

Read more

To Zoom or not to Zoom

Dave Tyson | Posted in Vendor Security

Zoom, and products like it, are fantastic tools, and any digital tools like these is an ecosystem unto itself, and with the right rules and governance, the risk can be managed. Read this post to better understand how to managed that risk.

Read more

Scroll To Top