Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice, it is critically important to have this level of understanding across large swaths of the workforce, from the senior level to operations teams. This is due to cybersecurity’s ongoing evolution. Therefore, we always need to have an action plan or improvement roadmap for responding to required remediations.

Identify Your Organization’s Current Security State

Do you know what state of security your organization is in and how it aligns with others across the industry?

That’s such a common question; cybersecurity maturity assessments (CMA) almost sell themselves. A CMA looks at the inherent risk of the organization and completes a risk assessment. The value here is you can see each and every level of maturity you need as well as where your current state is from a granular view. When working with an organization that has the added complexity of both Operational Technology (OT) and Information Technology (IT), this granular view can help enhance the approach and prioritize investments.

On top of this, because of the variety of frameworks and regulations out there, many organizations that provide CMA services can map your responses to quickly identify gaps in the program. This leads us to another attractive trait of CMAs: the ability to give the improvement plan more depth and ultimately gain more resources and support.

When being called into an organization that is struggling with cybersecurity improvement programs, my first question is to understand the communications channels between the technical/operations teams and senior leadership. What (Read more...)