Welcome to a few thoughts on cybersecurity, and some occasional photography.

We’re becoming immune to the news about the latest data breach, and yet folks don’t change their own security practices. Often that’s because they don’t know where to start. Other times it’s because they’re focused on hitting the checkboxes for a compliance audit.

Cybersecurity tries to solve age-old problems using high tech solutions in a repeatable way (hence the clockwork in the logo). But the real power comes when we change how people think, and that means showing the way through the darkness (the lantern).

So that’s the purpose of this blog: to go through the smoke and past the mirrors and get beyond the FUD*.

Please note, all of the comments, opinions, and content on this site are my own and do not necessarily reflect the views of IBM.

* FUD – Fear, Uncertainty, and Doubt

State of Security

We’re in an era of industrialized threats that are increasing in size, scope, and sophistication. Hackers are your organization’s strongest competitive threat. To protect your business, we must begin with a fundamental question: do you fully understand how you get from customer to cash?

From that, how do you establish an effective security program aligned to business risk? Understanding the relevance of an event or threat in the context of your business is more valuable than being able to run an asset compliance report. Metrics are meaningless unless they are prioritized by the threats and vulnerabilities – the risk – to your business. The security workflow (instrumenting, collecting, analyzing, understanding, and responding to events) all relies on having the right information at the right time.

Unfortunately, security teams often play second fiddle to audit and compliance and are focused on just meeting contractual or regulatory requirements, or they are hidden within IT and only consider technical risk. That simply is no longer adequate, and your board knows it. When your breach goes public, you have liability to your victims, your business stakeholders, the government and ultimately your investors.

So what’s driving your security decisions: audit and compliance or real-world business risk?

I can help move your CyberSecurity program from yesterday’s reactive, compliance-oriented model to a forward-looking, risk-focused approach. My driver is your security need – it’s not about the latest and greatest tool or service, it’s about protecting your business reputation and cash flow.

Your brand and your career are on the line. We need to move through the smoke, past the mirrors, get beyond the FUD, and address security as an industrialized problem that needs tailored holistic solutions to reduce business – not just IT – risk.

My team and I can help – please reach out and connect.


Doug Lhotka, CISSP-ISSAP

Executive Cybersecurity Architect

Doug leads the IBM North America Security Architect program. As a practicing architect, he leverages his expertise in cyber & cognitive security, IT governance, and enterprise architecture to help security leaders address industrialized threats, manage organizational risk and enable strategic business initiatives.

He earned a Bachelor’s degree in Computer Science, Anthropology, and Psychology/Cognitive Science and a Master of Engineering in Engineering Management, both from the University of Colorado, where his research work focused on managing architectural risk in cloud computing. Over his career, he has worked with clients of all sizes across many industries including retail, chemical & petroleum, travel & transportation, media and entertainment, healthcare, government, energy & utility, telecommunications, and insurance & financial services.

He served on the advisory board for the Engineering Management program at CU Boulder, is a member of ISC2 and a senior member of IEEE. He has several patents and papers on subjects ranging from photographic lighting to human computer interaction and architecture governance. He is an accomplished speaker and author, including a recent book on 3D printing for fine art; his latest book, tentatively titled Cyber Security: Beyond Controls, is in development.

An avid outdoorsman and photographer, Doug lives in Colorado with his wife and their four-footed & hoofed children. He spends as much time as he can away from security work in the Rocky Mountains.
