Security Roadmaps – alleviating the tyranny of choice

Organisations on a global scale are seeking and planning for Utopia when it comes to pre-empting, crafting, and configuring cyber strategies that are easy to understand and execute. And while the only certainty we have in cyber security is the continuous evolution and sophistication of the threat landscape, how can organisations manage and mitigate cyber risk for the short, medium, and long term?

We’re operating in a world battling with choice

Analysis paralysis is a reality for CISOs. It’s been part of our job since we started learning our craft from the ground up in a world where firefighting was the only thing that ever mattered. As critical talent, we’re moving roles, industries, technologies, and vendors, in addition to managing people and workspaces, in order to adjust and adapt in ways we could never have foreseen. And it’s a trend which is set to continue.

Goals, objectives, and security maturity

There are critical questions that need to be asked in order to set the scene for your security roadmap.

  • What is it that you’re trying to achieve?
  • Is there a vision you need to align to?
  • What are your challenges and opportunities?
  • Which tools, technologies and resources are you using?
  • Are they delivering the value you expected?
  • How could you use them to better achieve your goals?
  • At an industry level, what are the trends and predictions you need to consider?
  • What learnings can you take from other organisations?
  • What use cases, resources and partners are there to support your thinking?

It may seem chaotic and challenging when, at the end of the day, all your stakeholders want is your assurance that the organisation (and its data!) is safe, but the answers to these questions are needed to steer your path to safety as you’re building your security roadmap – whether in-house with your team, or alongside a partner.

Road-mapping your way out of the chaos

Using a roadmap to shift thinking from ‘what has always been’ into ‘where are the opportunities and possibilities?’ is a great way to kick off leadership transitions. If you’re a CISO dealing with legacy issues and archaic – or worse yet, parochial – thinking, building a roadmap together can inspire connectedness and investment for the long-term.

When you’re stuck in the weeds, it’s important to step away, to get some objectivity. Engaging external perspectives can be the catalyst needed to propel new thinking. Bringing together critical minds in a mission to protect people, assets, and IP in a sustainable way inspires confidence and builds momentum for the future.

Strategies that live and breathe

Creating a roadmap is really just the beginning. Turning it into a living, breathing and practical plan that is owned and shared across the organisation and updated regularly will ensure the latest risks and opportunities are addressed, and the plan adjusted accordingly. Leaving it in a folder gathering virtual or actual dust isn’t sustainable, and in the end will leave your organisation and stakeholders exposed.

Of course, you can download a security framework to plug information into… or ask one of the big-name firms to do it for you at an exorbitant cost. However, the true value of roadmaps comes from building a tailored, targeted, considered, and whole-of-entity approach to cyber security – as a team.

Experience and pragmatism over templates

Templates serve a purpose, and I don’t want to give the impression that we don’t view them as critical. However, a template is a framework, or if you prefer, the foundation, on which you create your customised security roadmap. It’s no different to how you develop your own organisational systems and processes for anything else – you start with a foundation, and you adjust and tweak to make it fit your needs.

Importantly, I need to emphasise that when I say security roadmap, I’m not referring to a consultant with a template and a bunch of graduates, but rather an experienced partner who is invested in your outcomes, who takes time to understand what matters to your organisation and applies cyber knowledge through a commercial lens. This is a roadmap which addresses your industry needs, with your strategy, technologies, resources, competitors, challenges, and opportunities front of mind – not someone else’s.

A good roadmap builds on your positives and reinforces your weaknesses in a way that’s relevant and executable for your organisation and its team.

We bring experience, expertise, pragmatism and perspective, to craft tailored roadmaps which work with you and for you to inspire a brighter, safer and more connected future for your organisation.
