Enough Theory, Let's Talk Practice
There are no participation trophies for cybersecurity: your efforts either help maximize authorized access to your vital systems and data while minimizing unauthorized access, or your efforts do not. Sadly, it doesn't matter how much time or effort or money you spend on cybersecurity; all that matters are the results.
Much of what is written about cybersecurity is theoretical because the practice of cybersecurity is messy and doesn't make for good sound bites or pretty pictures. A large part of what makes cybersecurity effective (or ineffective) is human behavior; even if your technology game is top notch, you are still as vulnerable as every one of your colleagues' behavior makes you.
This is why Pythia Cyber's unique approach is to build in the Behavioral Science from the start. No dropping in technology or policy and walking away. We do the usual surveys of your technology and follow the NIST CSF cybersecurity model (Identify, Protect, Detect, Respond, Recover) but we also assess your organization's openness to change and your people's leadership skills because these things matter in the real world.
Technology has bugs. People make mistakes. This is why we stress building evidence-based cybersecurity Programs. You need to know what is actually going on, what outsiders are actually doing in the way of probing your systems and what insiders are actually doing in the way of using your systems. You need to check the logs and transactions and you need to keep track of when you check, what you find and what you do not find. Someone needs to check the checking to make sure that checking is happening. No news is rarely good news in the Cyber Defense arena: no news all too often means no checking.
We have a longer-than-usual video on the practical challenges of implementing cybersecurity on our YouTube channel.