I recently stumbled across an interview with Jason Witty, global CISO at JPMorgan Chase, from SecureWorld, Twin Cities.
The video offers some great perspectives and advice, and Witty makes three key points in the clip:
1. Communication: Learn to speak Klingon to your team but English to everyone else.
2. Team: Build a great team with continuous training and workforce development.
3. Detection and response: Plan to fail, he advises, by focusing on detective controls and having a comprehensive response plan practiced and ready.
The communication point resonates with me. In my experience, while non-technical executives are far more aware of cyber risks than they were five years ago, articulating corporate risk from technical detail can still be challenging.
During my time in cybersecurity I've definitely seen a shift in mindset from boards. Today, security teams are far more inclusive in business decision-making. More than ever before, cybersecurity is viewed as a business matter, rather than a problem that someone down in the basement deals with.
Building strong cybersecurity teams is no simple task. It's widely known there is a skills shortage in our industry and salaries for analysts have rocketed to an all-time high. I believe the shortage in skills is also contributing to the technologies and deployment models we see selected by clients. The demand for cloud and managed services has never been greater and automation is becoming crucial to many security operations.
Naturally, Witty's point about detection and response was my favourite point as it's what LogRhythm does best. While prevention technologies are a key component to a security posture, it is naive to think your organisation will never be breached. The volume and sophistication of threats are growing daily. Witty references this in the clip: "There is new weather added onto Planet Cybersecurity every quarter — and the previous weather never goes away."
Having a detection plan is like having a smoke alarm: when there is a fire, you will be alerted to it. Having a response plan means you have the fire extinguisher to put it out.
Assuming that one day you will be breached is the best mindset to have. It will allow you to build a plan, rehearse it and recover quickly when that day comes.