Developing your Security Program: Part 3 - The Puzzle Pieces of a Cybersecurity Program
Christophe Foulon, CISSP, GSLC, MSIT
In part two of this series, we discussed developing your cybersecurity program, from the current-state assessment to creating strategic projects to get started. However, without knowing all the pieces of the cybersecurity program puzzle, you could be missing a critical piece and not even realize it.
As we previously discussed, the goal of an information security program is not simply to add controls or say that one is doing information security but to enable and transform the organization through the use and implementation of the different puzzle pieces of the program. All these pieces mean that the growth and enablement of these programs drive business needs like cost reduction, brand protection, organizational integration, regulatory compliance, sales enablement, and more.
All these puzzle pieces will change their form based on the size and needs of the organization; for example, where the information security program and its resources sit changes with the organization’s needs. Initially, the CISO might report to the CIO, CTO, CRO, or another C-level position as the business looks to scale and focuses on rapid sales enablement via security programs. In this stage, the security program might concentrate on helping develop and roll out products and on helping demonstrate to customers that their information or organization is safe and that they should use this product, all while helping to drive sales and scale. As things grow, the security team might pivot to create its own organization, look to centralize resources, and drive standardization to stabilize the organization, focusing on more significant trust, regulatory, and safety issues. As things continue to grow, it might pivot back to integrating resources into business units, such as BISOs and Security Champions. The aim is to scale its reach back into the business groups and help them enable themselves again through security as far “left”, or as early, as the creation of the product or services. These shifts still allow the business units to benefit from the larger centralized security organization, which looks at the larger organizational strategy and function.
As you can see, many other pieces of the security puzzle can and will eventually help to grow, scale, and enable the business. A security leader is more than just the person leading the information security program; she is a true business partner in helping to solve and enable the organization’s core mission. Security leaders come in different shapes and sizes; some have titles like CISO, while others might be security champions helping developers code, build, and release with minimal bugs and vulnerabilities, leading to less rework or a streamlined vulnerability management program.
Article originally posted on my Medium blog; follow me there.
If you have questions about becoming the security leader you desire to be and how coaching can help you, reach out to me at https://cpf-coaching.com
Seasoned Flight Operations Specialist / Offshore Logistics and Helideck Ops / UI/ UX Design / General Consultant / Seasoned Negotiator / Content Writer / Virtual Assistant -Teacher/Founder Salvations Agency Services
2 years ago: Please somebody should help a brother, I need someone to help connect me to a remote job which can allow me to work from Nigeria, I need to fix my family, send my kids back to school and also assist myself. Nigeria's economy is getting tougher by the day, since I lost my job as a flight operations and logistics officer. Please someone should allow God to use him/her to achieve this, please.
Co-Founder | Chief GRC Automator | RMF expert
2 years ago: Chris, great post and series.
CISO at Obsidian Security
2 years ago: Fantastic post. Thanks for sharing.
Mitigating cyber threats | Ex-Security Analyst @ Shared Services Canada. | Cybersecurity & Threat hunting plus Vulnerability Management expert
2 years ago: Creative teacher having cybersecurity background
Reduce risk - focus on vulnerabilities that matter - Contextual ASPM - CEO & Founder - Phoenix security - Runner - Application Security Cloud Security | 40 under 40 | CSA UK Board | CSCP Podcast Host
2 years ago: Really nice one