'9P' Rule - "Proper planning, preparation, process, perseverance, personnel prevents pathetic performance."
Talking with medical personnel re impact of pandemic and looking 'forward in time' to the next wave, the next big thing, the next game changer to the way things are done such as business operations and gatherings, infocom and telecom for work and school, and in particular, logistics and operations in light of whether a new pandemic and/or 'cyber nuke' when so much depends on communications and supply chain operations.
"Proper planning, preparation, process, perseverance, personnel prevents pathetic performance."
"Amateurs study tactics, professionals study logistics."
As the 'shutdown' has shown, there is economic dislocation and likely severe and permanent to semi-permanent dislocation to patterns of life and business.
Among the biggest is the realisation that no matter 'how many shiny toys and blinky boxes', things don't get done without parts, materiel raw and finished, and that no matter how smart the tools and 'shiny' the blinky box systems, nothing but nothing gets done without the people to work those tools, the personnel who know how to use the shiny objects and blinky box automation and smart systems.
In the next 'attack', it is possible and perhaps probable that complex attacks and exploits will take 'advantage' of societal disruption and dislocation to amplify the damage opportunity.
"beans and bullets" to support the skilled and knowledge 'troops'/front line personnel because without either, very little gets done well.
Case in point, Governors screaming for ventilators, respirators, nitrile gloves, Tylenol, lab coats and gowns, face shields and surgical masks, facilities, money ... and just now belatedly realising that they need nurses and doctors, drivers and stockers, cooks and cleaners, otherwise all the supplies on hand are just taking up space.
How deep is your bench? What is the level of your reserves/reserve call up personnel? What are your fallbacks as you take successive 'hits' and amplifying attacks and exploits?
If DDoS/XDoS/ransomware or 'cyber nukes' hit during this period, the survival levels will not be good for many companies.
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
4 years ago
IRT (incident response teams and tactics) require focus in not only repair and recover functionality, but psychological first response esp. at 'leedership' levels to avoid spreading panic to the rest of the organisation. Poor choices, bad actions and bad reactions, FUD mentality and preparation can have serious operational and forward impact. :-0 "Proper Planning, Preparation, Process, Perseverance, Personnel Prevents Pathetic Performance" - our 9P 'rule'
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
4 years ago
not a 'hard' rule, but to work as a tech in cyber security, 5 years foundation experience in SDLC, sysadmin/DBA, network engineering coding and scripting in SDLC enterprise projects as well as webapps, devices - FPGA, IIoT, CIoT, RAM, ROM, uProcs and uControllers, ICS-SCADA, but for human element, not quite so clear cut and for systems client work, experience and understanding of the verticals and their regulatory and operational environments. As always, dependent on the individual. Seen some techie knuckleheads crash and burn, ditto for powerpoint parrots and buzzword bandits 'flame out' spectacularly, failure of conventional securitay folks who fail to learn/adapt to client needs and demands. We have to 'retrain' most so we like bright and motivated individuals over a 'well packed and well packaged' resume. It's what you can do, not what you know as all knowledge is ephemeral and has a 'shelf life' ;)
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
4 years ago
covid may be 'peaking' now :) gut call ... definitely a gut call based on simple lowpass filtering of the hysteria and reactive lag. ;) https://www.dhirubhai.net/feed/update/urn:li:activity:6653096734459248641/?commentUrn=urn%3Ali%3Acomment%3A(activity%3A6653090645319700481%2C6653096608219095040)
COO ISRSEC International, Ltd. CISO ISRSEC (North America)
4 years ago
Zoom - had problems, 'patched' last set of vulns ... yet now this. Smh :P too quick to jump on 'latest shiny toy' which is fine if you aren't really concerned with privacy and security. "Keys Used to Encrypt Zoom Meetings Sent to China: Researchers" https://www.securityweek.com/keys-used-encrypt-zoom-meetings-sent-china-researchers
Expert in delivering innovative AI-driven capabilities, products, cloud transformation, and cybersecurity solutions, with a proven track record of boosting revenue and EBIT across all functions and levels.
4 years ago
World is 3 days thin ... add that.