A True Paradigm Shift in Security Management

“Cyber Security 1.0” was vulnerability based, and I would argue it has had limited and decreasing success: public breaches continue at a record pace even though IT and IT security spending remains an increasing leadership priority. The problem, as I see it, is that, at least in North America, we have always benchmarked our security programs, our risk assessments, and our solution designs against regulations and whatever we thought were “best practices.”

As my security intelligence colleagues have pointed out to me, absent adversary insight, our strategies focus our work on hunting vulnerabilities within our own environment, many of which have already been exploited by the time we find them. This ‘close the barn door after the horse is already out’ approach leaves us in a reactive-only management position, which is well known to be expensive and ineffective from a risk management perspective.

“Cyber Security 2.0” must manage our environment in light of the adversary’s capabilities and attack methods. That means defining our security management, priorities and methodologies in terms of the ‘real’ threat: the people who would seek to do our organization harm, rob our shareholder value, and damage the organization’s brand. Doing this requires a new approach that is responsive to changing market conditions and a program that can defend against the “new normal” of increased threat pace and adversary capabilities.

Dave Tyson

Dave Tyson is the Managing Partner of CISO Insights Cyber Security Risk Advisory. Tyson has served as CISO and security leader at organizations including SC Johnson, Nike, PG&E, eBay, and as chairman and president of ASIS. Contact: (408) 464-5310.
