And so to the future
Any excuse...

What CSF did so brilliantly was to single-handedly turn Security from a bunch of technical controls into an end-to-end set of processes within a capability model. Suddenly, Security went from being an unimaginable spaghetti of interlinked technologies, to a set of tasks, for people. If (and only if) those tasks could be automated, THEN we would replace them with a tool.

This gave me the governance I was looking for - not paper policies and standards, but ownership of controls at multiple levels of organisation. Over time I have come to recognise that this gives so much else - gap analysis of the framework can identify areas requiring maturing with people, process or tooling; it can identify a target operating model, org chart, help drive costs; it helped me build and deliver projects, business cases, a security programme and a business plan. A powerful tool.

But as I developed these things, I realised there was one element that it could also give me that was gold dust to a CISO - Executive reporting, which in turn could help me deliver value back to the business at long last.

This was literally the point at which I decided I was finally "good enough" to become a CISO, and by dint of fate I was approached for a role soon after. I applied this model, which I had done as a consultant twice previously and the effects were staggering to me.

So now I've taken a step back. Collecting the data to provide this value back to the business was time consuming, and analysing it even more so. I knew it was possible to do this with a database, if only the collection tooling existed. It didn't, so I am now building it at Procordr along with my co-founder, Phil.

This journey has taken me over 20 years, and I find myself looking at the problem afresh as we decide how to turn this into reality. I'm engaging with CISOs as advisors, investors and potential customers - somewhat easier as they are my friends and peers, but the messaging and marketing is still very hard. 20 years into a 3 minute pitch.

If you'd like to be a part of where we take the story next, drop me a line, a DM, an email or even just a like.

Rob Newby

Head of Security Business Engagement | Security Strategy, Cybersecurity

Avinash Yadav

BEST SELLER - I Help Aspiring Pentesters Land High-Paying Jobs, No Experience Needed, Using the Attractive-Reality Method!

4 years

Hey man... what are the roles & responsibilities of yours as a CISO?
