Cybersecurity Polls and Week In Review
Read on for updates on the #HireThisHuman posts, results from two cybersecurity polls, upcoming events, and other thoughts of the week!
Hire This Human
We're 17 posts into introducing new job seekers to all of you. That's 46 job seekers currently, all of whom could use your help in landing their next job.
Here are the last two posts, and some thoughts I shared during the week:
Cybersecurity Poll Results
I recently polled the Cybersecurity Frameworks and Maturity Models group on a few topics. Here's where it landed!
Too Many Frameworks?
There are a lot of cybersecurity frameworks, maturity models, security standards, governance models... COSO, COBIT, SOC2, SSAE 16, ISO 27001, NIST SP 800-53, NIST CSF, PCI-DSS, HITRUST, HIPAA, CIS, ...
Most organizations end up needing to operate under multiple of these - and spend a lot of time mapping their controls, procedures, and policies to all the frameworks and resolving gaps and inconsistencies.
Are we headed toward framework overload? Should we head toward a more comprehensive risk-based framework which matches our business and operations?
The overwhelming majority (80%) agreed simplification is the way to go. The conversation suggested having a primary framework which maps out to the others, or just using third-party compliance software, which manages the whole process.
Eleven percent felt things are fine the way they are, and then nine percent suggested another framework can't hurt. Of course, with how fast technology and compliance change, it's pretty likely the nine percent will get their wish.
Security Data Lake
At a CISO community event, the question came up - are you using a data lake to drive security insights/reporting? This is above and beyond your SIEM approach. Basically, take all the data you can from all the system events, and put them into your own data lake. Then, run your own analysis and reporting against it. SIEMs work like this already, but with more automated analysis.
More than half (58%) reported they have already created a cybersecurity data lake. Almost a third (31%) have no plans. Only 12% have it on a roadmap. Given the power this tool can add to a SOC, it's not surprising so many have already implemented it!
Upcoming Events
Designing and Coding Durable Functions in Azure
LinkedIn Live Audio with John Ellison
Friday, March 10, 2023, 8:30 am EST
Link to be provided
March Cybersecurity Coffee Chat
LinkedIn Live Audio with all of you!
Friday, March 17, 2023, 8:30 am EST
Link to be provided
Week in Review
I attended the Georgia Technology and Privacy Law Forum this past week, so I had lots of legal implications of technology and privacy on my mind. It was also a week of reflecting on success and goals and of continuing my startups and compliance series.
Here's what was on my mind:
In Conclusion
Cybersecurity, Governance, Risk, and Compliance should be on every business's radar, whether Fortune 50 or just starting up. These issues only get harder to fix the bigger you get. As with anything, in business or in life, setting your goals and planning your related actions are key steps in creating your own success!
As always, thanks for reading!
If you want to keep up with everything I’m posting, click on my profile, click Follow (+) and the bell (🔔) to be notified when I post!
Check out #ebspoke for more of my recent posts here...
Sales Expert/Networking Specialist/Marketing Genius & Global Citizen
2y Commenting for better reach! #cfbr
| SAAS Sales | GTM | Account Executive | Strategic Sales Leader | Results-Driven Revenue Generator | GOD | Family First |
2y Erik Boemanns thank you.
InfoSec Governance Specialist: ISO 27005 ISRM| OCEG-GRCP | Cybersecurity Content Creator (Udemy Courses) | Cybersecurity Trainer | IAM Governance Specialist | Podcaster(CyberJA) |
2y Love what you are doing Erik Boemanns
Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer
2y Thanks for Posting.