10 reasons for CSOs to be thankful

The attack surface continues to expand and has made the job of the CSO increasingly complex and challenging. It’s not just technology alone anymore but increasingly it takes the village to secure the enterprise. The village of internal and external partners and the end-users all using  and sharing effective technology and security best practices makes for a better and more secure organization. For many of us we have sown the seeds of this partnership and technology a while back and it is now that time of the year to give thanks for the harvest that our security ‘village’ has yielded to us.

1. A good night’s sleep

With data breaches happening almost every week or so it seems, security teams have to be ‘always on’ and thankful for a good night’s sleep, when we can get it.

2. Security aware users

Alert and security-aware users are our best line of defense. The more aware our users are the less likely they are to fall for phishing attempts and therefore reduce the number of attacks.

3. Information security staff

Good staff is hard to find and more importantly hard to keep. Grateful that we have retained our talent for another year

4. Great executive management support

Just like the information Technology team, executive support is key to a successful information security program. Without executive support much of the information security program stays in the policy document only and it is only with their support that information initiatives can be funded and take off.

5. Great Information technology partners

Without the help and support of the information technology team, our task of securing the network would be nigh impossible. An effective patch management program is only as effective as the IT team that is implementing it.

6. Next generation firewalls

If there is one technology that I had to pick to be thankful for it is next gen firewalls which allow for tremendous visibility, and application of security controls in a central and managed manner.

7. Great business partners

Other teams such as compliance, privacy, counsel, internal audit, vendor management all need to play nice with information security program to achieve a higher level of organization security. With data breaches top of mind, good and close relationships with counsel and privacy partners are especially important for incident response and breach management.

8. Law enforcement upping their game

There seems to be a big uptick in law enforcement involvement in information security with many local and federal agencies establishing programs for sharing and outreach with other law enforcement agencies and the private sector. Only good things can come from this.

9.  Security vendors innovation

The security space is a hotbed of innovation, and new security products and offerings are sprouting all over. Some of these new products are very good and provide us additional and much need visibility into the internal network and provide for faster hunt and response capabilities. Downside  though is an  increase in cold sales calls.

10. Security researchers

While their efforts can result in extra patch management cycles, security researchers that uncover and legally disclose vulnerabilities do an important service to our security community and help in making our systems more secure.