THOUGHT LEADERSHIP: 5 Lessons From The Breach We Didn't Have
From the LinkedIn of Brad Thornwell-Pierce, CISSP, CISM, CRISC, CISA, CCSP, CEH, Sec+, and recent recipient of the "Cyber Visionary Under 50" award from a publication he had not previously heard of.
5 Lessons From The Breach We Didn't Have
This week, our organization successfully prevented a breach. You didn't hear about it — because it didn't happen. That's the point.
Here are 5 things every CISO can learn from the incident that wasn't:
- Culture is everything. I have spent 18 months building a culture of security. Last week, that culture paid dividends. Specifically, my IT team patched a server.
- The board needs to hear from us. I briefed the board on the non-incident. They were impressed by my proactivity. One member asked what a "server" is. I said it doesn't matter.
- Zero Trust is a journey, not a destination. We are 14% of the way there, according to a maturity model I commissioned from a consulting firm whose name I am still learning to pronounce.
- Invest in your people. I have invested $4.7M in tooling this year. My people, specifically, will receive a pizza party in Q4 pending CFO approval.
- Lead from the front. I led this initiative from the front. Specifically, the front of the building, where my office is. The IT team led from the data center, which is in the back.
A breach we didn't have is still a win we can claim.