My Cybersecurity Wish List

Dear Security Claus,

I've tried to be a good Cybersecurity practitioner this year, and I know that you'll check my identity twice before determining if I was naughty or nice, but I'm hoping to find a few things from you under my tree this season:

Security programs leading tech conversations, not following. OK, this is kind of a big one, but what I'd really like this holiday season is to find security programs anticipating the needs of their businesses and paving the way for innovation, rather than trailing behind and trying to bolt security onto things the business has already done.

Investment in entry-level resources. Security Claus, I know they're out there, the college grads and job switchers who want to get into our industry. I'd love to see more emphasis on taking risks on eager but inexperienced people in our security programs. Goodness knows there's enough work to go around.

An end to SMS-based MFA. I know, I asked for MFA just a couple of years ago, but I really should have been more specific; my bad. But I think you can agree that I'm not just thinking about myself with this one, and isn't that what the spirit of the season is all about?

CISOs as members of executive leadership, not middle management. With their own budgets to fight for and their own seat in the strategic discussions for their organizations, CISOs need to be at this level. Of course we have to earn the right to keep those positions too, but it's well past time the CISO was a peer of the C-suite.

Standardization of breach reporting. I know, this one is right up there with world peace, but I'm putting it on here anyway. Between 50 states with different PII reporting requirements, PCI's requirements, HIPAA's requirements, the FTC's requirements, DHS's requirements... well, let's just say that we have limited enough budgets in cybersecurity, and the less we have to spend on lawyers to sort out all these breach reporting requirements, the better. Don't get me wrong, I know we need to make these reports, but could we maybe standardize just a little between all these overlapping authorities and requirements? Even our peers in Accounting don't have it this bad, do they?

A ransomware-free 2023! I'm going out with a bang here, Security Claus. It would mean a lot to me if ransomware were a thing of the past in 2023. Please see what you can do.

I know I haven't been perfect; I've reused a password here and there. But I've tried to be a good cybersecurity practitioner, so I hope you'll bring me a few things from my wish list.
