Teri Radichel

Summary

Teri Radichel discusses the importance of strategic thinking in cybersecurity, emphasizing long-term strategies over short-term tactics to prevent data breaches and manage cloud risk effectively.

Abstract

In the context of cybersecurity, Teri Radichel advocates for a broad, strategic approach to problem-solving rather than relying solely on tactical measures. Drawing from her personal experience with a data breach, she underscores the necessity of understanding the full scope of potential threats and the importance of developing secure architectures. Radichel's work emphasizes the dynamic nature of cloud security, where constant changes and the overwhelming flow of data breach news require robust strategies to filter out noise and focus on meaningful security measures. Her recent book and cloud security classes aim to instill a thought process that leads to comprehensive strategies, enabling organizations to reduce risks and prevent data breaches while fostering innovation and progress.

Opinions

  • Radichel believes that a single data breach can fundamentally shift one's perspective on cybersecurity, transitioning from risk avoidance to proactive prevention.
  • She suggests that the sheer volume of potential attack vectors and the rapid pace of change in cloud services necessitate a strategic approach to cybersecurity, rather than a piecemeal one.
  • Radichel's approach to cybersecurity involves categorizing threats, using metrics, and applying logical constructs to narrow down the possibility of security failures.
  • She points out that the cybersecurity landscape is not improving, as evidenced by the increasing number of breaches, and advocates for new strategies to reverse this trend.
  • Radichel emphasizes the importance of executive involvement in cybersecurity, providing questions that executives should ask their security teams to ensure a strategic approach to risk management.
  • She believes that her book and classes offer valuable insights and strategies that can lead to a significant positive difference in organizations aiming to minimize the risk of data breaches.

How to THINK about cybersecurity

Long term strategies versus short term tactics

I wrote about the concept of how to think about cybersecurity in my prior post on The Right Cybersecurity Training. Solving complex problems involves stepping back and looking at the big picture. Problem-solvers need not only a broad vantage point but sometimes also specific details to get it right. Time is limited, and we must use it wisely to focus on what matters. Sometimes responsibilities are split between parties that need to work together to make things happen. In some cases, people need to see things they didn’t see before or look at them in a new way.

After my first data breach involving monetary loss — my own money — my whole perspective changed. Before that, I was risk avoidant and tried to push off the risky aspects of my business to other companies. I moved my email hosting elsewhere. I did not store credit cards on my systems but instead pushed that off to the credit card processors. However, after I faced a breach despite my efforts to avoid that possibility, I realized that was not enough.

Now I was annoyed. I wanted to find out what happened, and I wanted to stop it from happening again. I had already been researching the source of excessive spam in my inbox, but now I was researching the cause of data breaches and effective ways to stop them from happening again — ever. The more I learned, the more I realized how hard that would be to accomplish. There are so many ways an attacker can break into a system, and all it takes is one mistake.

I wrote about how I created a WAF before that term existed in a prior blog post. I started inspecting and learning about the different types of attacks. I was trying to eliminate known bad and narrow down the possibility of a successful attack occurring again. I’ve always tried to quantify things and use logical constructs to narrow down the chance something could go wrong twice, while still being able to get things done efficiently and innovate. The trick is to weed out what matters from the noise, categorize things appropriately, use metrics, and apply solid logical constructs when making decisions.

When you deal with cloud security, things are continually changing. There’s no way you’re going to keep up with every single change every minute something new appears. The new features coming out from cloud providers and the number of new cloud services implemented in companies daily may seem overwhelming. I try to keep up and provide a comparison of the major cloud provider services in my cloud security classes. It’s incredibly time-consuming.

The constant barrage of data breaches in the news may seem overwhelming. The logs are full of events that could be possible security incidents. The trick is to develop strategies to deal with the change and the noise. Additionally, we need an approach to create architectures that are devoid of logical flaws that allow breaches to happen. Better metrics can help us measure security and risk more effectively from the top down.

The idea of developing a strategy around how to think about security and how to measure it more effectively is the focus of my new book, Cybersecurity for Executives in the Age of Cloud, and my Cloud Security Architecture and Engineering class. Rather than provide a prescriptive, tactical list, or a piecemeal approach, I hope to help people develop a thought process that leads to an overarching strategy that starts broad and narrows in where required. In the process, organizations can reduce cybersecurity risks and prevent data breaches before they happen. Additionally, by designing processes for getting work done that provide both transparency and the ability to innovate, companies can achieve both security and progress at the same time.

I’m teaching another private class this week and trying to get my book out to readers as soon as possible. Much of the book is free on this blog, but the last chapters attempt to summarize and add an overarching context around the list of questions executives can ask security teams that I provided in the book. The class content and labs help people of varying levels understand what the top threats are in the cloud. Students learn how to apply and assess cybersecurity fundamentals in cloud environments. At the same time, the material presents strategies that show students the big picture when it comes to managing cloud risk, how to weed out the noise, and fill security gaps.

It appears that cybersecurity is not getting better based on the number of breaches and possibly the worst year on record in terms of the number of stolen records and data breaches. Let’s do something different to try to make that trend go in the other direction. I hope you will join me in a class or check out my book. I really hope it makes a positive difference in organizations that want to minimize the potential of a data breach. That’s the goal.

Teri Radichel | © 2nd Sight Lab 2020

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab