Episode 15 + 16 - Building Process in Cybersecurity
Last episode we intended to talk about how to attack competing priorities.
What we ended up doing was outlining a mental model for looking at defensive security from an execution standpoint, one we've developed and put into practice through the products and services of Outpost Security.
Notes:
Foundation is the universe of data, which falls into 5 distinct buckets:
  Endpoint
  Network/Firewall/Web
  Email
  Authentication
  Malware/IDS/Threat Intel
We use this data in defensive security to:
  Find (the bad)
  Stop (the bad)
  Prevent (the future bad)
The priority of execution (our rubric for focusing investment, or prioritization matrix) is then:
Claim / Hypothesis => ALL companies will get the greatest and fastest return (security, maturity, financial) from investing in process.
The way you are doing things now is your process.
Creating process is an exercise in change.
Our favorite framework for change is “Switch”, heathbrothers.com/download/switch-framework.pdf
Elephant / Rider => competing forces
Direct the Rider
  Follow the bright spots: for us this is unlocking the power of ES (Splunk Enterprise Security) with RBA (risk-based alerting)
  Script the critical moves: this is what we talk about when we implement ES and RBA
    ES review components
    Our solution is the ZERO to ONE Splunk App
  Point to the destination: we call it "end-to-end" RBA alerting, getting teams to see and feel the future that's possible
Motivate the Elephant
  Find the feeling
  Shrink the change: we do this via our "use case" scoping of the app, but we've talked about this in the past; start with 2-3 data sources
  Grow your people: this is the "formalization" / "scaling" of the feeling once you've found it
    One feeling => repeat it to build "muscle memory"
    Training is essential to success: not training on the tool, but on how to use the tool to make the people more successful
Shape the path
  Tweak the environment: again, with the ZERO to ONE app we always start with "tweaking"
  Build habits: training => muscle memory
  Rally the herd: "scale" or "operationalize", turn the "feeling" into an operating system
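To make the ES-with-RBA idea in these notes concrete, here is an added example of how risk-based alerting turns events from the five data buckets into a single "end-to-end" notable. It is not code from the episode, from Splunk, or from Outpost Security's ZERO to ONE app. Everything in it is assumed: the event tuples are constructed, the scores, window and thresholds are arbitrary, and the bucket labels are shorthand for the five buckets listed above.

```python
"""Toy risk-based alerting (RBA) aggregator.

Illustration only (not the episode's or Outpost Security's code). It assumes
the common RBA model: each detection ("risk rule") adds a score to a risk
object (user or host) instead of paging on its own, and a notable fires only
when the score accumulated over a time window crosses a threshold AND several
independent data buckets corroborate it.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events covering the five data buckets from the notes:
# endpoint, network (Network/Firewall/Web), email, authentication and
# threat_intel (Malware/IDS/Threat Intel). Scores and rule names are made up.
SAMPLE_EVENTS = [
    # (timestamp, bucket, risk_object, score, rule)
    ("2024-03-01T09:00:00", "authentication", "user:alice", 20, "login from new country"),
    ("2024-03-01T09:05:00", "email", "user:alice", 15, "clicked link in reported phish"),
    ("2024-03-01T09:12:00", "endpoint", "host:wks-042", 30, "office app spawned shell"),
    ("2024-03-01T09:13:00", "network", "host:wks-042", 25, "outbound to newly registered domain"),
    ("2024-03-01T09:14:00", "threat_intel", "host:wks-042", 40, "destination IP on block list"),
    ("2024-03-01T11:30:00", "authentication", "user:bob", 20, "login from new country"),
    ("2024-03-02T09:30:00", "endpoint", "host:wks-042", 30, "office app spawned shell"),
]


def score_entities(events, now, window=timedelta(hours=24)):
    """Sum risk per risk object for events in (now - window, now].

    Returns {entity: {"score": int, "buckets": set, "rules": list}} so the
    analyst sees not just a number but which data buckets and rules built it.
    """
    now = datetime.fromisoformat(now)
    start = now - window
    totals = defaultdict(lambda: {"score": 0, "buckets": set(), "rules": []})
    for ts, bucket, entity, score, rule in events:
        t = datetime.fromisoformat(ts)
        if start < t <= now:  # events older than the window decay out
            entry = totals[entity]
            entry["score"] += score
            entry["buckets"].add(bucket)
            entry["rules"].append(rule)
    return dict(totals)


def notables(events, now, threshold=60, min_buckets=2, window=timedelta(hours=24)):
    """Risk objects whose windowed score crosses the threshold with
    corroboration from at least min_buckets distinct data buckets,
    highest score first. Single-source noise never becomes a notable."""
    scored = score_entities(events, now, window)
    hits = [
        (entity, data) for entity, data in scored.items()
        if data["score"] >= threshold and len(data["buckets"]) >= min_buckets
    ]
    hits.sort(key=lambda item: item[1]["score"], reverse=True)
    return [entity for entity, _ in hits]


if __name__ == "__main__":
    as_of = "2024-03-01T12:00:00"
    scored = score_entities(SAMPLE_EVENTS, as_of)
    for entity in notables(SAMPLE_EVENTS, as_of):
        data = scored[entity]
        print(entity, data["score"], sorted(data["buckets"]), data["rules"])
```

Run as-is it reports only host:wks-042, whose endpoint, network and threat-intel events add up to 95 across three buckets; alice's two lower-scoring events stay below the threshold and bob's single login never gets a second source. Re-scoring at a later time shows the other half of the model: once the 24-hour window moves past the burst on 2024-03-01, the host's accumulated risk falls back to a single 30-point endpoint event and the notable clears, which is why the scoring window is as much a tuning knob as the threshold.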