A True Paradigm Shift in Security Management

“Cyber Security 1.0” was vulnerability-based and has had, I would argue, limited and decreasing levels of success: public breaches continue at a record pace even though IT and IT security continue to be an increasing leadership and spending priority. The problem as I see it is that, at least in North America, we have always benchmarked our security programs, our risk assessments, and our solution designs against regulations and whatever we thought were “best practices.”

As pointed out to me by my security intelligence colleagues, absent adversary insight, our strategies focus our work on hunting vulnerabilities within our own environment, which in many cases today have already been exploited. This ‘close the barn door after the horse is already out’ approach leaves us in a reactive-only management position, which is well known to be expensive and ineffective from a risk management perspective.

“Cyber Security 2.0” must better manage our environment in light of the adversary’s capabilities and attack methods. That means defining our security management, priorities and methodologies in terms of the ‘real’ threat: the people who would seek to do our organization harm, rob our shareholder value and damage the organization’s brand. Doing this requires a new approach that is responsive to changing marketing conditions and a program that can defend against the “new normal” of increased threat pace and adversary capabilities.

Dave Tyson
