CISOs Need Teamwork & A Strategic Framework

NIST Enterprise Architecture Model

Eduardo Cabrera is the Chief Cybersecurity Officer at Trend Micro, responsible for analyzing emerging cyber threats to develop enterprise risk management strategies. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.

Given his background, Cabrera is eminently qualified for offering insight about information security challenges in both the government and the private sector.

Freedom to innovate

While serving in the US Secret Service, Cabrera lead information security, cyber investigative, and protective programs. “I lean on this experience and trusted partnerships daily to understand emerging threats but also to help develop resilient risk management strategies for Trend Micro and its Fortune 500 clients and strategic partners,” he says.

As you can imagine, working for the government has its unique challenges, and it’s not just about the paycheck.

“The differences are in perspective and mission. With that said, there is definitely a level of freedom found in the private sector that isn’t found in government. But the most significant freedom is the freedom to innovate. The speed and agility of innovation is incredible. I think that’s where the private industry, specifically cybersecurity companies, excel and can really help law enforcement, as well as the public sector at large, mitigate and eradicate the dynamic threats we see daily,” he explains.

The big picture

Companies may not fully understand the nature of modern threats, and simply placing a higher priority on security may not lead to improved measures, according to a CompTIA survey.

When asked what advice he would give to those new to the CISO position, Cabrera emphasized the importance of teamwork. “Listen! Listen to your direct reports. Listen to your organization’s business units or divisions. Listen to your partners in your sector and most of all listen to your partners in government,” says Cabrera.

“Cybercriminals have incredible networks that now allow them to automate and orchestrate their criminal enterprises. They do so by scaling trust within these criminal undergrounds. We need to do the same. The only way to defeat a network is to be a network. This requires much more trust on our side. We currently suffer from a trust deficit between private industry and government that will only be overcome by working closer together,” he concluded.

Strengthening your cybersecurity strategy

When it comes to the essential steps for strengthening and refining cybersecurity strategy in a large organization, Cabrera believes that a framework really comes first.

Unsurprisingly, he’s a big fan of the NIST Cybersecurity Framework, which consists of standards, guidelines and practices that help organizations address cyber risks by aligning policy, business and technological approaches. It was created by the National Institute of Standards and Technology (NIST) in partnership with the US Department of Homeland Security and the private sector.

It allows organizations to shift from old static information security best practices to proactive cybersecurity risk management standards. It maps existing industry standards such as NIST and the International Standardization Organization (ISO) to five core functions: identify, protect, detect, respond, and recover.

“The framework is critical for CISOs and their teams to build a cohesive strategy to brief up to the board room as well as down to the server room and apply the critical resources where they are needed most,” says Cabrera.

According to the information technology research company Gartner, the framework is now used by 30 percent of US organizations, and that number is projected to reach 50 percent by 2020.

A look into the future

We are in the midst of an Internet of Things explosion. 76% of companies interviewed by Vodafone believe that taking advantage of IoT technologies will be critical for the future success of any organization.

“Advances in technology are improving all aspects of our lives, however it is equally improving the lives of cybercriminals. With each new advancement there is a new opportunity for them to target, attack and monetize,” says Cabrera.

While 63% of companies have IoT devices already deployed, only 34% have security measures in place, indicating that the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.

“A layered connected threat defense using Big Data analytics and machine learning will be required to bring together often disparate and overlapping security stacks where visibility and control are the biggest challenges. It is needed today but will be essential in the coming years for CISOs and their teams,” explains Cabrera.

HelpNetSecurity

 

« New Airport Security Technology
Google Uses AI To Save On It’s Energy Bills »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Tanium

Tanium

Tanium is an endpoint security and systems management company.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

Venable

Venable

Venable is an American Lawyer 100 law firm with nine offices across the USA, Practice areas include Cybersecurity.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.

HTX (Home Team Science & Technology Agency)

HTX (Home Team Science & Technology Agency)

HTX brings together science and engineering capabilities to transform the homeland security landscape and keep Singapore safe.