As I’ve said before, I haven’t been hands-on-keyboard for some time. (That’s a term I heard used for the people who do the amazing work of defending networks against the bad guys, and I really like it.)

I deal at the business level. I protect the ability of the business to create value. Most of the time in cybersecurity, that is about minimizing risk enough that management can sleep at night. We call that reaching the tolerable risk level. It DOES NOT mean eliminating risk! The only way to eliminate risk is to close that line of business down. If anyone claims to eliminate all risk, run away…fast!

One thing to keep in mind is that some of “the bad guys” are usually much better at attacking than any company is at defending. If a good nation state sets its sights on your company, you had better have your ducks in a row! Fortunately, the majority of the attackers out there are not nearly that skilled.

To be completely honest, you can protect yourself from most of the threats out there by doing a handful of things. It is this list, and other advice, that I will cover in these postings. The goal here is to help protect all those businesses out there that can’t afford cybersecurity staff.

A CISO can demand $200k-500k a year. Most small to mid-sized businesses can’t afford that. I understand, but it’s all about demand. My hope is that these posts will help companies put a little security in place until they get talent onboard.

