Navigating the noise, complexity and uncertainties of the cybersecurity landscape demands clear thinking. But that’s no easy task.

The security professional today has to be knowledgeable about the organization’s own environment, business needs and risks, compliance requirements, best practice frameworks, internal policies and procedures, and the crowded market of product vendors and service providers.

Add to that the daily deluge of news and reports—from public breaches to emerging threats and newly discovered vulnerabilities—and all of this is enough to cloud any mind.

Yet clear thinking is exactly what’s needed to successfully implement cybersecurity strategy, and it’s definitely put to the test during incidents.

How can we gain clarity and consistency in thinking, so that we are able to lead, not just respond? How can we organize our thoughts, so that we can function properly in a world of constant distractions?

An important step is to acknowledge that thinking is not just about the content of thoughts themselves. It’s not just a function of data input. Thinking is also a process that derives from mental frameworks, assumptions, values and postures.

It’s the last one—mental postures—that’s worth exploring a bit further here, as these can have a profound impact on how we approach a problem. Mental postures are the attitudes and predispositions for observing, orienting, deciding and acting* that occur within the mind. More specifically, dispositions like firmness and flexibility come into focus and influence our thinking.

Effective security requires both firmness and flexibility.

We need to be firm enough to be disciplined in adhering to security policies, implementing good habits and best practices, and paying attention to the details that matter. At the same time, we need to be flexible enough to consume, understand and respond to new information, emerging threats, changing requirements and innovative solutions.

Too firm, and