In this segment, we explore a strategic approach to enhancing cyber resilience within organizations, emphasizing the "crawl, walk, run" methodology. By starting small and gradually advancing security measures, organizations can effectively improve their security posture.



Here is the verbatim discussion:

And what I've recommended over the years is, uh, taking the approach of crawl, walk, run. So start small and, and identify what your current state is, figure out in baseline, you, where you are from a security posture perspective. And there's tons of organizations out there that can do these assessments, there's tons of templates and, and things out there that, you know, at, given your organization, you should be, you, you're currently at a level one or level two and your goal should be to get to the next level, whether it's two or three, and, um, identifying all those areas and how you can make that, you can step from one area to the next. And then from there, you know, ultimately kind of the, the, the key areas that organizations end up, um, fall, you, not prioritizing effectively and, and can really, um, increase their of it wasn't anywhere near where it is today. Um, and over the, the past, you know, really 10 years, a lot of things have, have really moved to the cloud and there's been a lot of automation, a lot of things like machine learning and artificial intelligence and a lot of these great tools that have, uh, been brought to the market that allow us to, to provide better defense, uh, against these types of attacks. The, the downside to that is those same tool, same tools are actually available to criminals as well. And although organizations have gone through their digital transformation, you, over the past 10 years, um, so is the, the, the hacking community and the criminals at large. And, and basically what's ended up happening is there's, um, a, a giant ecosystem, it's a, it's a whole underground economy where you have, uh.



Crawl, Walk, Run Methodology: Experts advocate for a phased approach to cybersecurity improvement, beginning with assessing the organization's current security posture. By identifying baseline security levels and prioritizing areas for enhancement, organizations can strategically progress from one security level to the next.

Utilizing Assessment Tools and Templates: Various organizations offer assessment tools and templates to help organizations evaluate their security posture effectively. By leveraging these resources, organizations can identify areas for improvement and develop a roadmap to advance their security maturity.

The Evolution of Cyber Threats: The discussion highlights the evolution of cyber threats over the past decade, with attacks increasing exponentially. The emergence of an underground economy, where nation states collaborate with criminal groups, has heightened the sophistication of cyber attacks, posing significant challenges for organizations.

Harnessing Technology for Defense: While advancements in technology, such as cloud computing, automation, machine learning, and artificial intelligence, have provided organizations with better defense capabilities, they have also empowered cybercriminals. The availability of these tools to both defenders and attackers underscores the importance of proactive security measures.


Adopting a strategic approach to cybersecurity, starting with assessing the current state and gradually advancing security measures, is essential for building cyber resilience. By prioritizing effective security measures and leveraging available resources and technologies, organizations can mitigate risks and strengthen their defense against evolving cyber threats. This segment emphasizes the importance of proactive and adaptive cybersecurity strategies in safeguarding digital assets and maintaining resilience in the face of emerging threats.



Brad LaPorte, a former army officer with extensive experience in cybersecurity, provides invaluable insights into the evolving landscape of digital threats. With a background in military operations, LaPorte witnessed firsthand the early stages of nation-state cyber attacks, laying the groundwork for his deep understanding of cybersecurity challenges. Through his journey, he has observed the transformation of defense tactics from traditional, labor-intensive methods to modern, cloud-based solutions. LaPorte's expertise offers a unique perspective on the intersection of technology, security, and the underground economy of cybercrime. In this discussion, he shares his experiences and analysis, shedding light on the complexities of cybersecurity in the digital age.


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
