    How Can Cybersecurity Be Improved? 90 Day Cybersecurity Guide

    Well-defined systems promote cybersecurity far more than the tech stack does. Here's a guide to getting the right processes in place.

    By eWEEK EDITORS - March 14, 2022

      Being the C-suite officer in charge of security requires handling significant pressure. Cybercriminals are thriving; in 2021, the average cost of a data breach rose 10% and there were 17% more data breaches than in 2020.

      Whether you’re new to the role of Chief Information Security Officer (CISO) or a seasoned CISO at a new organization, it’s critical to make an impact in the first 90 days on the job. Your actions in those first 90 days will lay the groundwork for the success or failure of your tenure.

      It is easy to fall prey to Shiny Object Syndrome and tempting to knock out every high-visibility task on your to-do list so you look (and feel) as if you’re getting things done. But the surest way to pave a path to success is to methodically and thoughtfully make a 90-day plan and stick to it.

      This nine-step, week-by-week roadmap will guide you through crafting a competent cybersecurity program, driving digital transformation at your organization and leveraging SaaS technology to accelerate business plans and reduce operating costs.


      Weeks 1-3: Identify and Understand Business Risk

      In the first three weeks of your employment, learn about the business – the whole business. Explore how it operates, where dispersed teams are located, how the company addresses its market and provides services and goods. This is your opportunity to develop a deep understanding of the organization’s go-to-market strategy and supply chain.

      Set up as many meetings as you can with other C-suite executives, the board of directors, and other company leaders to gain intimate insights into their business functions and responsibilities. Meeting with other technology officers is the best way to get a grip on the greater organizational tech stack, too.

      In these first three exploratory weeks, gauge leadership’s willingness to shift left with security during the development cycle; shifting security left in the development lifecycle reduces costs and increases reliability by baking in security from the get-go.

      Weeks 4-5: Get a Feel For the Organization’s Tech Processes and Begin Developing Your Team


      Well-defined processes have a greater impact on cybersecurity than the tech stack does. In the fourth and fifth weeks of your new CISO role, meet with your team to learn about the processes in place, especially around project, incident and account lifecycle management.

      Find out what’s working and what is not. Ask for any documented standards available and create a list of which processes and technologies lack documentation. Next, meet with other technology teams to identify which tech and processes overlap with your scope. Repeat the same exercise you did with your own team.

      It’s also time to start getting to know your team well. Take one-on-one time to ascertain their career goals, and explore how you can help them meet those goals. Find out what training and professional development they’re interested in, what types of training the company has provided in the past, and then follow up with human resources to learn about career paths for your team’s growth.

      This is a perfect time to discuss automation with your team members – they probably have ideas about where automation could benefit the organization.


      Week 6: Build a Strategy

      Now that you’ve gathered information, it’s time to plan. Build a strategy to:

      • Meet the organization’s overarching business strategy, objectives and goals.
      • Meet your staff’s career goals and objectives.
      • Augment staff with automation by alleviating them of repetitive, tedious tasks.
      • Assess cyber risks facing the organization as one critical, holistic gap.
      • Shift security left in the development lifecycle.
      • Encourage SaaS adoption.
      • Move all IT to a zero-trust architecture.

      Week 7: Finalize Your Strategy and Begin Plan Implementation

      It’s your seventh week, and your strategy and plan are good to go. Your next step is to run your strategy by your peers. Get feedback, be receptive to it, make adjustments, then present it to your executive committee for approval.

      After it’s been approved, collaborate with the appropriate team(s) to identify tactics that will drive success. Collaboration is key here – it will cultivate rapport and help your new colleagues build trust in you. Then, start implementing your strategy.


      Week 8: Get Agile

      Transitioning your team to Agile project management methodology will ensure fast wins of functional elements.

      If your team is small, scrums will be appropriate and effective. If your organization already works on sprints, align your team’s sprint cycle with the engineering team’s duration. If no one else uses sprints, set your cycle to three-week sprints.

      Week 9: Start Measuring and Reporting

      You may or may not have access to historic reports when you start as a CISO. Either way, week nine is the right time to kickstart new benchmarks and a regular cycle of measuring and reporting back to your peers and to the executive committee.

      Make sure to give credit to your staff and the other departments you work with! By nurturing the goodwill you established in your first several weeks, you’ll have stronger relationships with your colleagues – and that’s not a bad thing when you have to point out problems and gaps.

      As your reporting becomes regular, start educating and communicating about cybersecurity to the whole organization. Encourage partnership and engagement, and celebrate successes rather than focusing on problems. Create a “security champions” program across departments in which your champions are encouraged to report when things go wrong and rewarded for engaging.


      Week 10: Conduct a Thorough Pen Test

      Penetration testing is how you will get some data on how bad things really are. You should plan for, schedule, and execute a thorough pen test (or red team exercise) of the infrastructure and applications.

      Find a pen-test partner that follows either the PTES or OSSTMM 3 methodology for infrastructure testing and that uses the OWASP testing framework for each application.

      Week 11: Get Moving on a Zero Trust Authentication Framework

      Transitioning to a zero-trust authentication (ZTA) framework is a crucial step in your first 90 days as a CISO.

      In a ZTA, users are not given access by default, but they’re given access once they’re authenticated. A ZTA will enhance the security posture of your organization. The first step of your ZTA should be to begin sunsetting passwords wherever possible and transitioning to secure multi-factor authentication (MFA).


      Week 12: Evaluate SaaS Providers

      Starting your new CISO role by diving into buying guides and SaaS-vendor comparisons is tempting, but it makes much more sense to do this once you have a grasp of the company, your strategy, the existing tech stack and budgets.

      When you begin evaluating SaaS providers, certify prospective vendors’ compliance with the CSA CCM, registration in the CSA STAR Alliance, or, at a minimum, SOC 2 Type 2 attestation.

      If you evaluate vendors that do not meet these criteria, you will need to develop a thorough program to evaluate their security. It’s critical to evaluate SaaS vendors against objective, third-party assessments and not simply the vendor’s shiniest marketing efforts.

      90 Days Down

      Following this roadmap will help you reach your 90th day with a solid foundation: a functioning cybersecurity team, data baselines for repeatable reporting, trust and rapport with new colleagues and teams, a list of opportunities for digital transformation, and an intimate understanding of most facets of the organization.

      Congratulations on your first 90 days!


      About the author:

      Eyal Gruner is the Co-founder and CEO of Cynet
