Our Responsibility as Information Security Professionals

I’ve worked in 112 industries and eleven sectors and noticed a common trend—the urgent need for help creating a more secure environment. Over the past 18 months as an independent cybersecurity advisor, I’ve helped many companies improve their defenses. It’s still surprising how often people, businesses, and entire industries believe they follow the proper protocols, only to unknowingly expose themselves, their assets, and their employees to risks.

As information security professionals, we encounter a variety of situations. Many believe they’re safeguarding their data or assets, yet they overlook the vulnerabilities that lie beneath. What motivates me is the opportunity to assist organizations in reducing risks and operating with greater confidence. Whether it’s one company or many, the fundamental principle remains the same: data confidentiality, integrity, and availability are paramount.

One of the key challenges we face today is the need for a comprehensive understanding of what we’re protecting. It’s crucial to remember that even small, seemingly insignificant changes can lead to significant security gaps, just as minor adjustments can sometimes make all the difference in strengthening our defenses. This knowledge empowers us to make informed decisions in our security practices.

This message isn’t aimed at potential clients but those working to help others in the industry. We have insights that often aren’t apparent to those outside our field. Our challenge, and our responsibility, is to bridge that gap—to explain why security is important and help others understand why action is necessary. In many ways, our job is more about education than enforcement, and your role in this is invaluable.

Some light reading. 😊

  1. Communicating Cyber Risk to Non-Technical People
    https://www.isaca.org/resources/isaca-journal/issues/2023/volume-2/communicating-technology-risk-to-nontechnical-people
  2. Why Employee Cybersecurity Awareness Training Is Essential
    https://www.cisecurity.org/insights/white-papers/why-employee-cybersecurity-awareness-training-is-important
  3. Cybersecurity Leadership for Non-Technical Executives
    https://executive.mit.edu/course/cybersecurity-leadership-for-non-technical-executives
  4. Cybersecurity is Everyone’s Job
    https://www.nist.gov/system/files/documents/2018/10/15/cybersecurity_is_everyones_job_v1.0.pdf