What everyone in cybersecurity ought to know about planning

By | Cyber security | No Comments

My face was blank but secretly I was screaming inside my head. I felt sick. Full of shame. How could I have been so stupid? And, as I stood there, being scolded for not delivering an effective plan and hitting my KPIs, the words my manager bellowed out at me became ingrained in my memory forever. He said,

“If you fail to plan, you are planning to fail.”

These were the exact words Catherine used to describe a situation she’d found herself in at the start of her cybersecurity leadership career. When we met, she was still scarred from the ordeal and low in confidence.

It was a tough lesson for her to learn and she vowed never to repeat it. And, whilst I agree with her manager for directing her to Benjamin Franklin’s famous quote, I know that if you want to hit a goal, KPI or target, planning isn't enough. Planning alone doesn’t prevent mistakes from happening or reduce all possible risks — not in an environment where technology, team capabilities, stakeholder expectations, and competition are perpetually changing.

What actually does is your agile resilience — your ability to recover and adapt, fast, when things go wrong. And this is why failure is such an important lesson to build into your planning, and if you’re leading, your management style.

It's something I regularly go through with my clients when I'm delivering business strategy and leadership training, and one of three little-known strategies I use when I'm planning. Now, these aren't in my Clarity + Planning Workbook that many of you have downloaded, so unless you join my IN Security Tribe, where you'll get them early, you'll just have to wait for the other two as I deliver them during February.


Five valuable lessons of 2018 I won’t forget plus the progress I made

By | Cyber security | No Comments

In the corner of my dining room I sit alone, aside from my Weimaraner dog, Luna, who's curled up on a rug a few meters from me. I have an Irish jig on. The music is sweet and I'm reflecting on the year that's about to end. I've chosen not to go out. I want time to myself. It's been a busy year and I've been very social. But, with the new year ringing in, I want to write – to share the progress I've made and the lessons I've learnt in business and life during 2018. I do so in the hope that I may inspire you to stay strong, raise your game, and spread your message in cybersecurity.


Struggling to protect machine identities? Read this!

By | Cyber security | No Comments

In the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for Venafi’s Machine Identity Protection event that was streamed live on 13 December 2018. Because your success is important to me, I only align myself with brands I believe in and Venafi is one of them.

Speeches. Events. Private dinners. Inner circles. Mixing with global influencers and thought leaders, I’ve participated in my fair share this year. And, as we draw to the end of 2018, one thing has become crystal clear. When we consider cybersecurity and our immediate future, threat actors are becoming far more strategic in whom they’re targeting.

They’re carefully considering how they can gain the most, whether it’s for politics, money or fame, by carefully calculating how, when and where to manipulate, steal, or release data.

With 0.8% of our global GDP coming from cybercrime, a rapidly increasing attack surface and a volatile global political climate, in 2019 it’s highly likely that we’ll see more sophisticated attacks coming from both organised criminal gangs and state-sponsored attackers. And, with fuzzy lines drawn between both threat actors, it’s going to become even more difficult to ascertain who’s working for whom. That’s why getting the balance right between people, processes and technology will become even more key to ensuring an organisation’s survivability and competitive edge.


Some practical thoughts on change, Industry 4.0 and machine identity protection in cyber security

By | Cyber security | No Comments

In the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for Venafi’s Machine Identity Protection live streaming event on 13 December 2018. Because your success is important to me, I only align myself with brands I believe in, and Venafi is one of them.

“Turn and face the strange,” I said, “Just gonna have to be a different man.”

The one-liner from David Bowie’s classic song, ‘Changes,’ was the perfect way to end my keynote on humans, machines and the rapid changes that beset us in cybersecurity.

I wanted to spark my audience’s imagination and leave them contemplating. This was my cue. If ever there had been a time to get them to open up and exploit their own thinking it was now. I wanted them to dig deep, debate with one another, and fully explore the paradox of change. The change that everybody says they want.


Can cyber security be a business enabler?

By | Cyber security | No Comments

Recently, I've been talking a lot about business-driven communication in security, building trust and the value proposition. I've incorporated these things into my high-performance coaching and training programmes for years, as communication—the imparting or exchanging of information by speaking, writing, or using some other medium—is vital for today's savvy and progressive cyber security leaders.

You see, cyber security is topical and it’s exposing all of us in the industry to new areas. As people buy people, even if you don’t think you’re selling something in security, people are always buying. They’re buying into you—your mission, vision, leadership—and deciding whether or not they trust you. Creating trust is therefore vital if you’re going to enable stakeholder buy-in, move a project forward, get a promotion, a bonus, a new job or a speaking opportunity, make sales and attract top talent.

And, business-driven conversations around security, when you're meeting your buyer where they're at, and seeing things through their lens, build trust. They elevate you to another level. They differentiate you from the crowd. From the average.

Security through procurement

By | Cyber security | No Comments

In May 2008, I wrote a blog about security through procurement. I wanted to make a case for it as it seemed such a logical thing to do. As it's still as relevant today as it was then – over a decade later – and as it follows on nicely from my DevSecOps blog, I thought it worth sharing.

Here's what I said.

Consider the fact: if it costs the same to install or develop a system badly as it does to install or develop it securely, why would you leave the choice to your supplier? The answer is you wouldn’t. Yet so many businesses actually do just that – they design and deploy systems without considering the security aspects from the outset, leaving their businesses wide open to attack and unnecessary spiralling costs. This blog explores a couple of simple actions that can be taken in order to ensure that this doesn’t happen.

Typically, when a business unit identifies a new venture, it creates a set of business requirements. These are passed to the IT department to interpret, and a set of technical requirements is produced. Suppliers are then selected and another level of interpretation occurs. Quite often it’s pot luck as to whether the response resembles anything like the original business requirement. By the time internal audit and information security get sight of the systems, they've usually been installed and functional for months. At this point, more often than not, the systems are found to be non-compliant with organisational policies and standards, and significant unexpected costs are incurred to rectify the matter.

And all this is totally needless.


Looking back at DevSecOps. Is it still polarised?

By | Cyber security, Uncategorized | No Comments

Back in 2004, I wrote a blog about secure development, or what we now refer to as DevSecOps. Owning a leading penetration testing firm, we were doing a lot of evangelising about the secure development lifecycle (SDLC). Anyway, although the blog is well on its way to entering its second decade, I think it's just as relevant today as it was then, with pertinent lessons to learn. And, this is why I want to share it with you.

Here's what I wrote.

Women in red ball gowns at Infosec. Why I spoke out.

By | Cyber security | No Comments

“Listen, you little wiseacre. I'm smart, you're dumb. I'm big, you're small. I'm right, you're wrong. And there's nothing you can do about it.”

Roald Dahl's heroine Matilda’s father, Mr Wormwood, was a bully, and he was wrong. At five and a half years old, Matilda could do something about it, and she did. She righted a wrong. And, she used her ‘special powers’ to do so.

This week reminds me of her story and strength, plus my own special powers. So, let's start with one of them – communication – and two of the most important words you'll ever use.

I am.

These words are so powerful because what you put after them shapes your reality.

Cue me, and my Infosec ‘booth babes’ story.

I am a leader. I am strong. And, I am humbled to learn.

