We Said/He Said: Protecting The Wrong Things



Ross Young came out this weekend with (another) excellent essay. It aligns completely with what we say here at Pythia Cyber.

The topic is aligning what your cybersecurity team protects with what the business needs protecting.

I'm pasting in Ross' main slide as it's excellent. These are what different stakeholders want in terms of "protection." Note that first what they want differs maybe from what you think they want. Second, what it takes to protect what different stakeholders want protecting is different. Third, and this is critical you need to do all of this.


We'll expect the tech leader to know how to protect different systems using different processes. The point from a behavioral science perspective is that tech leaders need the talent to get to know who wants what protected. It's not good enough to presume that you know better, or you have heard it before. Talented tech leaders deliberately create engagement with stakeholders to learn so that there are no missed expectations.

A cyberattack is the wrong time to find out you were looking for the wrong card in your deck.

Ask us how you can align the business of cybersecurity with the business of your organization.

(image credit: ZioDave, CC BY-SA 2.0 <https://creativecommons.org/licenses/by-sa/2.0>, via Wikimedia Commons)

Comments