Many times, I am asked about the challenges of putting together a strong cybersecurity posture. And it runs the gamut of questions from is it expensive? Or how do you find the right CISCO? Or what are the good tools to use to bring your strategy to life? But occasionally I get the question or the objection that it is complicated. And that is a more useful question. It is a question that gets to the root of what the problem is in the first place.
You see most business issues come down to a few fundamentals. Some basics that we have learned, and we have learned how to apply them. It is not just giving the issue more money, or more people. It is more than that. And cybersecurity strategy is no different.
What Is Hard
Why does cybersecurity seem so complex? Because it is. It is complicated and laborious and tedious and can require lots of experience and perseverance. If you are a cybersecurity engineer. However, you are not and are never expected to be. But what you are expected to be is a leader of your company through all its challenges.
And this leadership requires you to also lead in the area of cybersecurity. So yes, it is simple. You will need to provide the leadership and the organization control to steer your company through these treacherous waters but not be a cybersecurity expert. It is a simple plan but hard to execute.
How Is It Done
It is done like any other complex task your company is faced with. You are a manufacturer of automobiles, the average car has over 25 computers in it. It is practically a rolling computer network with some seats in it. Are you a computer expert? No, you are an executive that runs a company that utilizes a computer. Same with cybersecurity. It is a complex endeavor and it requires some people with specialized knowledge. Such as CISO’s, cybersecurity engineers, cybersecurity specialists, trusted advisors. Both inside and outside the company.
But most importantly it requires a plan to get you started. A posture or vision of what your cybersecurity should look like. Give it form and direction. And the people above will give it shape and substance. Show your interest in this critical area throughout your dealings within the company and your supply chain. And your employees and partners will follow you to its logical conclusion. It is simple but it is also hard. As with most things it is the execution that counts the most.