Welcome to a few thoughts on cybersecurity, and some occasional photography.
We’re becoming immune to the news about the latest data breach, and yet folks don’t change their own security practices. Often that’s because they don’t know where to start. Other times it’s because they’re focused on hitting the checkboxes for a compliance audit.
Cybersecurity tries to solve age-old problems using high tech solutions in a repeatable way (hence the clockwork in the logo). But the real power comes when we change how people think, and that means showing the way through the darkness (the lantern).
So that’s the purpose of this blog: to go through the smoke and past the mirrors and get beyond the FUD*.
Please note, all of the comments, opinions, and content on this site are my own and do not necessarily reflect the views of IBM.
* FUD – Fear, Uncertainty, and Doubt
State of Security
We’re in an era of industrialized threats that are increasing in size, scope, and sophistication. Hackers are your organization’s strongest competitive threat. To protect your business, we must begin with a fundamental question: do you fully understand how you get from customer to cash?
From that, how do you establish an effective security program aligned to business risk? Understanding the relevance of an event or threat in the context of your business is more valuable than being able to run an asset compliance report. Metrics are meaningless unless prioritized by threats and vulnerabilities – risk – to your business. The security workflow – instrumenting, collecting, analyzing, understanding, and responding to events – all relies on having the right information at the right time.
Unfortunately, security teams often play second fiddle to audit and compliance and are focused on just meeting contractual or regulatory requirements, or are hidden within IT and only consider technical risk. That simply is no longer adequate, and your board knows it. When your breach goes public, you have liability to your victims, your business stakeholders, the government and ultimately your investors.
So what’s driving your security decisions: audit and compliance or real-world business risk?
I can help move your CyberSecurity program from yesterday’s reactive, compliance-oriented model to a forward-looking, risk-focused approach. My driver is your security need – it’s not about the latest and greatest tool or service, it’s about protecting your business reputation and cash flow.
Your brand and your career are on the line. We need to move through the smoke, past the mirrors, get beyond the FUD, and address security as an industrialized problem that needs tailored holistic solutions to reduce business – not just IT – risk.
My team and I can help – please reach out and connect.
Doug Lhotka, CISSP-ISSAP
Executive Security Architect
Doug leads the IBM North America Security Architects. He coaches a team of talented architects and guides them as they mature and grow their skills in an evolving and dynamic field. As a practicing architect, he leverages his expertise in cyber security, IT governance, artificial intelligence and enterprise architecture to help security and business executives manage risk and secure strategic initiatives.
He earned a Bachelor’s degree in Computer Science, Anthropology, and Psychology, and a Master’s degree in Engineering Management from the University of Colorado, where his advanced work focused on managing risk in an early form of cloud computing. Over his career, he has worked with clients of all sizes across many industries.
Doug served on the advisory board for the Engineering Management program at CU Boulder and is a member of ISC2, ISACA and a senior member of IEEE. He has authored patents, papers and books on subjects ranging from photographic lighting and human factors to architecture governance and 3D printing for fine art. He is in high demand as a speaker and panelist on cybersecurity for executive, business, security and end-user audiences.
An avid outdoorsman and photographer, Doug lives in the Colorado forest with his wife and their four-footed & hoofed children. He spends as much time as he can in the Rocky Mountains, not doing security work.