For Better Security Operations, Speak to the Pack in its Native Tongue

Chase Cunningham

I have a huge German Shepherd that ranks only slightly behind my human children when it comes to being spoiled and how much attention he gets.  I’ve been working on training him for nearly a year now, and he amazes me with how intelligent he is. He knows all the basics: sit, stay, here, lay down, etc. But he also picked up detecting scents very quickly and is learning to detect things with his nose that I can’t even see with my eyes. And he does all of these things faster than most kids learn to break the Netflix password.  

The other day, working with him on his training points, I thought to myself, “Woah, my dog speaks human.” Not just English either. He speaks German (that’s the language he's trained in), and he totally understands it. I realized the problem is that I don't speak “Dog.” My dog knows about 30 human words, and they are words in a language his master has no business trying to pronounce, mind you. But he knows what those words mean, and he gets the tasking or request down every time they're uttered. He could look at me for an hour and bark, growl, howl, yip, or yelp constantly, and he could be telling me the cure for cancer and I wouldn’t know it.  

OK that’s interesting, but what does it have to do with better communication among techies?

Read more

Forrester’s Security & Risk Spotlight: CISO Expertise From Across The Pond

Stephanie Balaouras

2015 was a tumultuous year for CISOs. Breaches affecting The Home Depot, Anthem Blue Cross Blue Shield, and T-Mobile dominated the headlines worldwide and left no industry, region, or CISO unscathed. These unfortunate spotlights created a slew of negative infosec publicity along with panicked demands from business leaders and customers alike. How secure are we? Ask the CISO. How did this breach occur? Ask the CISO. Why did this breach occur? Ask the CISO. Could we have prevented it? Ask the CISO. How could we let this happen? Ask the CISO.

Yet, CISOs continue to struggle to gain clout and influence with the rest of the C-suite and sometimes it can feel like a thankless role. There is little recognition when you’re doing your job right, but you face a whirlwind of pain and blame the second something goes wrong. The world’s growing emphasis and focus on cybersecurity should be running parallel with the capabilities and reputation of the CISO. Instead, CISOs see their responsibilities increasing with only modest funding increases, recognition, or support from their fellow colleagues.

Read more

Forrester’s Security & Risk Research Spotlight: Make Customers The Focus Of Your Security Efforts

Stephanie Balaouras

Since I first became the research director of the Security & Risk team more than five years ago, security leaders have lamented the difficulty of aligning with the business and demonstrating real business value. Over the years, we’ve written an enormous amount of research about formal processes for aligning with business goals, provided key metrics to present to the board, and developed sophisticated models for estimating security ROI. Yet for many, demonstrating real business value continues to be a significant challenge. If it wasn’t for the 24 hour news cycle and a parade of high profile security breaches, chances are good, that security budgets would have been stagnant the last few years.

Read more

Lies, Damn Lies, Security Metrics, And Baseball

John Kindervag

The legendary British Prime Minister Benjamin Disraeli is said to have noted that “There are lies, damn lies, and statistics.” Much of the technology world is focused on statistics and metrics. You’ve often heard it said, “If I can’t measure it, it doesn’t exist.” Known as the McNamara fallacy — named after the business tycoon turned Vietnam-era Secretary of Defense — this famous idea failed miserably as a strategy. While it sounds good to the CEO’s ears, there is a corollary bubbling up below him that implicitly states that “If my boss wants to measure something that doesn’t exist, then I’ll invent it!”

Read more