How To Establish Messaging & Mentoring During The Selection Of A Cyber Security Platform
If you’re new to cyber security, at some point in your future, you will be required to quantify why you should purchase the platform(s) you want to purchase, and using fear of breach as a motivating factor will only get you so far. But, what should your message to purchase focus on? What problems, points, or questions should you circle your answers around? How do you establish a theme while aligning on the purchase of a platform? How do you reduce risk while enabling the business? Can messaging and mentoring co-exist? Is there an opportunity to establish a transferable strategic thinking skill while also establishing a repeatable approach framework for management? Stay tuned.
Overarching Vision & Approach
One of the CISO’s primary roles is to declare, clearly document, and share an overarching vision and approach that inspires the organization into empowered action. If a cyber security platform or tool is required, it must be eliminating or closing a gap, and for a gap to exist, there must be something desired. The CISO’s vision and approach document the desired Northstar. Here’s an example:
The critical points in the vision and approach are bolded to signify what the leaders should key in on when engineers and architects present recommended solutions.
Establishing The Point
Now that the organization has a heading and a general description of the vehicle, teams can commence customizations to enhance the journey. Some questions to answer are:
- What does your customization enhance?
- What does your customization prevent or address?
- What’s the theme that encompasses your customization(s)?
- How does your customization directly align with the vision?
- How does your customization fulfill the requirements in the approach?
Let’s walk through an example of a threat intelligence platform.
A threat intelligence platform (TIP) will improve security posture.
- A TIP enhances my knowledge of relevant threats operating within my business vertical.
- A TIP improves my ability to prevent & detect business-specific relevant threat vectors by integrating with existing systems.
- A TIP aligns with the vision by improving the security efficacy of these integrated systems.
Running this objective through the questions above provides the following.
A threat intelligence platform (TIP) will improve the security efficacy of any integrated system(s) by increasing awareness of relevant threats within the system.
Clean-Up Vagueness & Gather Details
Answer the questions below to detail the broad points made within the initial outline.
- What are the integrated systems?
- What do relevant threats consist of?
- What will be provided to each integrated system about each relevant threat, and how will this be done?
- What existing platforms requirements must this platform meet?
This detail solidifies the scope while also identifying requirements.
- Will any other tech be replaced or displaced, and if so, how much does those cost to operate?
- What test cases are required to validate integration, operation, and viability?
- How does this capability enhance the overall maturity of the organization?
- What KPIs measure implementation progress, completion, and ongoing efficacy?
The Final Product
All actions taken within an enterprise offer the organization an opportunity to train and mentor its associates while also providing an opportunity to establish reference patterns to speed up delivery and ensure key core concepts are addressed. The result is thorough messaging, well-thought-out conversations, recommendations, and decisions. Scope, interdependencies, and integration requirements are clear.
I believe messaging, and mentoring deliverables can co-exist on all work items. Do you?
