End that Zoom call and take a step back…

If you are the CISO of a mid-sized enterprise, end that Zoom call and take a step back.

You probably spent 60+ hrs in Zoom meetings this week.

Your team has been working really hard over the last few months dealing with the change to a work-from-home workforce. Lots of sweat (and hopefully no blood). But, you are still 1 click away from a major breach, and your company’s attack surface continues to grow.

If reading this makes you uncomfortable, perhaps it is time to reserve some team cycles to “changing the business” as opposed to “running the business.” This is the only way you will make progress on that strategic infosec roadmap you promised your board and senior management earlier this year.


Roadmap to change

Getting Started

Getting started is pretty straightforward. You need to invest in continuous cybersecurity visibility and risk-based analytics:

  1. Hire (or re-purpose) one person on your team to become your “chief data officer”
  2. Deploy a tool like Balbix
  3. Create a map between network/endpoint vulnerabilities and risk owners
  4. Use data-driven, risk-based prioritization across all aspects of your security program: vulnerability management, protective tools, incident response, and your recovery programs


Toy Maker CISO/CIO Dash


Ideally, you should define some measurable KPIs and set up goals for each of the 4 pieces of your cybersecurity program:

Split your assets into 3-10 asset criticality groups based on the impact they will have on the business if compromised.

  1. For vulnerability management, define a coverage metric (% of your assets analyzed) and mean-time-to-resolve (MTTR) target SLAs for each asset class defined above.
  2. Don’t forget to track your risk from human users. Your data-driven tools will enable you to measure the “phish-ability” of each of your users and their “password hygiene” level. You will do some targeted training to improve this.
  3. For your protective tools, define coverage metrics (% of your assets which have endpoint-level or network-level compensating controls functioning). This is the backstop to your VM program.
  4. For incident response and recovery, make sure you are able to measure mean-time-to-detect (MTTD) and mean-time-to-recover (MTTR). Ideally, you should have separate target SLAs for each asset criticality group.
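The vulnerability-management KPIs above (coverage and mean-time-to-resolve per asset criticality group, checked against target SLAs) can be computed as in the following added example, which is not from the original post or from Balbix. The asset names, findings and SLA targets are constructed, and `kpi_report` is a hypothetical helper; it also counts open findings already older than the target, which goes one step beyond the text.

```python
from collections import defaultdict
from statistics import mean

# Constructed inventory: (asset, criticality group, analyzed by the VM tool?)
ASSETS = [
    ("erp-db-01", "critical", True), ("erp-app-01", "critical", True),
    ("hr-portal", "high", True), ("build-srv", "high", False),
    ("kiosk-17", "low", True), ("kiosk-18", "low", False),
    ("kiosk-19", "low", False), ("kiosk-20", "low", True),
]
# Constructed findings: (asset, age in days, resolved?). For resolved
# findings the age is detection-to-fix time; for open ones, days open so far.
FINDINGS = [
    ("erp-db-01", 3, True), ("erp-app-01", 9, True), ("erp-app-01", 15, False),
    ("hr-portal", 12, True), ("hr-portal", 20, True),
    ("kiosk-17", 45, True), ("kiosk-20", 75, True), ("kiosk-17", 120, False),
]
# Assumed targets per group: (minimum coverage %, maximum days to resolve)
SLA = {"critical": (100, 7), "high": (95, 30), "low": (80, 90)}

def kpi_report(assets, findings, sla):
    """Per criticality group: coverage, MTTR and open findings past the SLA."""
    group_of = {name: grp for name, grp, _ in assets}
    total, analyzed = defaultdict(int), defaultdict(int)
    closed, overdue = defaultdict(list), defaultdict(int)
    for _, grp, seen in assets:
        total[grp] += 1
        analyzed[grp] += int(seen)
    for name, age, resolved in findings:
        grp = group_of[name]
        if resolved:
            closed[grp].append(age)
        elif age > sla[grp][1]:
            overdue[grp] += 1  # still open and already older than the target
    report = {}
    for grp, (min_cov, max_days) in sla.items():
        cov = 100.0 * analyzed[grp] / total[grp] if total[grp] else 0.0
        mttr = mean(closed[grp]) if closed[grp] else None
        report[grp] = {
            "coverage_pct": cov, "coverage_ok": cov >= min_cov,
            "mttr_days": mttr, "overdue_open": overdue[grp],
            # MTTR over closed findings alone hides a stale backlog, so
            # the SLA only passes when nothing open has outlived the target.
            "mttr_ok": mttr is not None and mttr <= max_days and not overdue[grp],
        }
    return report

if __name__ == "__main__":
    for grp, row in kpi_report(ASSETS, FINDINGS, SLA).items():
        print(grp, row)
```

In this sample the critical group has full coverage and a 6-day MTTR on closed findings, yet still misses its SLA because one finding has been open for 15 days.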

Think like a risk owner

The security team cannot manage cyber risk all by themselves. You need each risk owner to do their part. The best way to do this is to give them easy-to-understand and contextual dashboards which drive them to act to reduce risk.

Wireframe a dashboard for a typical risk owner.

Now you will feel much better.

We designed Balbix to help you with this type of rapid transformation of cybersecurity posture, especially in the context of resource-constrained security teams. Drop us a line today, and we’ll be happy to help.

*** This is a Security Bloggers Network syndicated blog from Blog – Balbix authored by Gaurav Banga. Read the original post at:

Gaurav Banga

Gaurav Banga is the Founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, he co-founded and served as CEO of Bromium for more than 5 years. Earlier in his career, he served in various executive roles at Phoenix Technologies and Intellisync Corporation, and was Co-founder and CEO of PDAapps (acquired by Intellisync in 2005). Gaurav started his industry career at NetApp. He holds a PhD in CS from Rice University, a B.Tech. in CS from IIT Delhi and is a prolific inventor with more than 50 patents.