We
often complain how tough cybersecurity is, yet we often make the same mistakes
again and again.  It’s true,
cybersecurity is an unforgiving underdog of a situation that is complex,
relentless, incredibly difficult to overcome, and often thankless.  But we are not doing ourselves any favors by rinsing
and repeating the same blunders over again. 
We must learn and get better so as not to repeatedly make the same
mistakes.  Several years ago, out of
frustration, I created a class with LinkedIn Learning to call out the biggest systemic
problems in cybersecurity with the hope that we could get better at avoiding such
foundational face-plants. 

Know
what?  The prevalence of those 5 issues
have NOT CHANGED!  We continue to stumble,
repeat mistakes, and fail to learn from the lessons of people before us. 

Top
5 Cybersecurity Organizational Mistakes:

1.      
Inexperienced
Leadership – because a bad leader can
undermine even the best team!

2.      
Deprioritizing
Strategic Thinking – just running fast doesn’t
mean you are heading in the right direction and being stuck in a firefighting
mode, won’t ever get you ahead of the risks!

3.      
Failing
to Optimize for Threats
– “He who defends everything, defends nothing.” – Fredrick the Great.

4.      
Insufficient
Organizational Teamwork
– cybersecurity is not a solo act, success requires a group of heroes working
together

5.      
Failing
to Maximize Value – at the end of the day, cybersecurity
is a function to protect and support the business – therefore we must maximize
our value to justify the investment

We
can’t make cybersecurity easy.  There is
no magic wand, innovative tool, or master playbook that will fix or ‘solve’
cybersecurity.  But we can avoid many of
the gator infested pitfalls if we simply learn to not make mistakes that are
already well documented. 

So,
back to that class that is normally behind a paywall – I realized that as the author
I have the ability to create a free access link (for friends and colleagues),
essentially giving it away for free for a period of time (thanks LinkedIn
Learning).  So, let it be known that I consider
all my 195k LinkedIn followers as friends or colleagues and am providing a free
link to them: 

https://www.linkedin.com/learning-login/share?forceAccount=false&redirect=https%3A%2F%2Fwww.linkedin.com%2Flearning%2Ffive-biggest-mistakes-of-cybersecurity-programs%3Ftrk%3Dshare_ent_url%26shareId%3DRh8x9g2LR46Rk51XOTyuRQ%253D%253D

No excuses!  Take the free training, skim over the videos.  Tell me what you think is missing.  Share your insights.  But let’s not keep making the same mistakes!  Cybersecurity is already tough enough.

*** This is a Security Bloggers Network syndicated blog from Information Security Strategy authored by Matthew Rosenquist. Read the original post at: https://infosecstrategy.blogspot.com/2025/02/cybersecurity-rant-senselessly.html