Changing the thinking to cyber security
Edward Tucker
Positive disruptor, transformer, value creator, capability builder, speaker, advisor, rethinker
One of the biggest changes I think we could make as an industry / discipline to really alter how we approach things is to recognise linkage. Realise that everything we do is linked focus upon effectively one junction on a spiders web that’s leads down pathways.
Nothing is isolated. There are always knock on effects, dependencies, people, processes, teams, goals, and of course gaps.
The more we recognise how things bleed into each other the more we’ll design actions with links in mind. It will enable us to affect better change.
Rather than masking a problem, moving it along one or ticking a box.
It will also build a greater cognisance of the things around our little world that impact our effectiveness. Things we don’t directly control, but can influence if we understand them better.
We’ll change by thinking differently. By approaching things differently. It’s why I talk about horizontal thinking, to illustrate how things join in a ‘linear’ fashion against a backdrop of an industry that drives us towards vertical thinking; silo solutions, magic quadrants etc.
And of course aims to make us believe that the problem(s) is/are irreducibly complex. We can’t possibly hope to solve them without faith in vendor/consultancy/MSP/et al.
It is not irreducibly complex, not matter how much you are told about sophistication, or legacy, or whatever.
You can break things down into understandable components from which you can start to build out a ‘spider’s web’ of knowledge of that component and all the things that are joined to it on its linear pathways.
Improve some of those things gradually and you’ll get better.
Always trying to build up to an overall view. It’s bloody hard, but even at a local level you can improve. Whether that is your daily processes, or building relationships with dependent teams, or your overall strategy, or adversarial understanding. None of it happens overnight.
Most of all think differently. Don’t just do what the industry pushes you towards. Building understanding of linkages is key. To do that you need to think in a different way to how most approach the cyber problem(s) today.
Horizontal thinking!!!
CEO and Founder, Cybermaniacs
5 年This is really great. Here The Cybermaniacs?we feel culture needs to move the same way as you describe here, building up positive nodes and reinforcing through a variety of behvaioural approaches- there is no one taxonomy or hierarchy (for instance of biases or choice dynamics) that will help get the wave of security awareness and the necessary behaviour adaptations rolling through your company. It's putting in the thinking, thinking differently, moving horizontally and through the network of people at a company. Sometimes we find that stuff doesn't land and we move on, and we also find things we programmed as a 'nudge' event were powerful resonators and moved the needle more than we could have imagined. If cyber needs to be dynamic, holistic, ready for anything, and has people in the system... then I couldn't agree more- mindset, thinking, adapting, and communication are key. Really love this post, thank you Edward Tucker!!!
High-performance cybersecurity consultant that delivers
5 年In my opinion, attackers think in maps, auditors think in lists, and defenders onions; most of security operations are on the perimeter (outer layer of the onion), and depending on budget and knowledge of the core network, the organisation may have a soft core. But the security architecture is based on layers from outside - in. Graphing is a relatively new way of thinking, incorporating threat intelligence to drive specific threat profiles.
Founder of Brilliancy Deep Tech | World Class Complexity Scientist | Board Member | Quantum | Expert in Artificial Super Intelligence | Cyber Security | Supply Chain | Inventor | Blockchain | Futurist | Keynote Speaker
5 年Attackers don’t want to mess with systems that stop using traditional off the shelf software! The attacker’s walk right through that software!
Driving 5X Email Response Rates for Business Leaders with AI-Powered, Personalised Outreach.
5 年Its the how? Getting off the railway line and into the air when most reports, feedback etc are all "working on the railroad" .
Founder @ The Cyber Boardroom, Chief Scientist @ Glasswall, vCISO, vCTO and GenAI expert
5 年great post, and as Phil Huggins mentions above, the key is to think in graphs (and then in maps) Edward Tucker have you seen the presentations I published about thinking in graphs?