The 10 takeaways of building a successful security posture program

Author: Gal Gonen , Vulcan Cyber Director of Marketing

Cyber risk leaders shared their best practices at the CyberRisk Summit on December 5, 2023. We've handpicked two sessions and compiled them Into one piece with 10 takeaways. Enjoy!

Agile security: How Paystack empowers Its small security team for effective cyber risk management

In short: Jocelyn van Heerde from Paystack shared insights into their vulnerability management journey, highlighting initial challenges faced by the small security team in managing compliance and audits across multiple countries.

Paystack uses Vulcan Cyber as its central security hub that connects with necessary connectors and eliminates manual Excel sheets.

Lessons learned:

1. Get your vulnerability management efforts together: Manage risk through a centralized hub for vulnerability management streamlines workflows, reducing manual efforts.

2. Group assets together: Leverage features like asset grouping and tagging to facilitate precise triaging based on risk prioritization and business impact.

3. Establish accountability and KPIs: Use personalized dashboards and KPIs for security measures within teams.

4. Enhance progress visibility: Build comprehensive dashboards that provide an overview of the organization's risk posture, fostering better engagement and collaboration.

5. Explore, but reevaluate: Exploring solutions, tactics, and methods. Reevaluation is crucial as tools may evolve to meet specific needs.

The establishment of a collaborative vulnerability management program

In short: In her session, Samira Jamnejad, CISSP from Wealthsimple highlights the significance of effective communication in bridging the gap between security and engineering teams.

Lessons learned:

1. Focus on remediation gaps: Building a vulnerability management program involves understanding and addressing gaps in the remediation process, such as ticket comprehension difficulties, risk acceptance, and the need for effective communication.

2. Follow the key steps in vulnerability management: Identification, prioritization, and remediation are crucial. Without effective remediation, identification, and prioritization efforts do not significantly reduce risk.

3. Identify risk everywhere: Utilizing different scanners, detection sources, and bug bounty programs for comprehensive vulnerability identification.

4. Provide remediation guidance: Remediation may be challenging for engineers, so providing guidance or solutions is essential for effective resolution.

5. Integrate the right tools: Using platforms like Vulcan Cyber and Jira offers a unified view of vulnerabilities, aiding in risk-based prioritization. The integration streamlines communication with engineering teams and provides insights through a dedicated vulnerability management board. Using teams' native tools also helps with ongoing, two-way communication and fosters a healthy relationship, mutual trust, and continuous improvement in the vulnerability management program.

Watch the full Wealthsimple session >> https://vulcan.io/resources/webinar/how-wealthsimple-built-mature-vrm-program