value - All Articles - CISO Platform2024-03-29T11:27:31Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/valueCyber Security Sauna podcast - Matthew Rosenquist on why value is the cybersecurity blind spothttps://www.cisoplatform.com/profiles/blogs/cyber-security-sauna-podcast-matthew-rosenquist-on-why-value-is-t2022-09-13T18:10:01.000Z2022-09-13T18:10:01.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10811183889?profile=RESIZE_400x&width=400"></div><div><div><p><br />I had a great time talking with Mark Fletcher in the Cyber Security Sauna podcast, talking about why Value is the blind spot of cybersecurity and how we should maximize it!<br /> <br /><em>Fun fact</em>: we recorded this <a href="https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot">podcast</a> in an actual sauna recording booth at <a href="https://thesphere.org/">SPHERE22</a>, the world’s first co-security unconference!</p></div><div> </div><div><p> <iframe style="border:none;" title="Libsyn Player" width="100%" height="90" scrolling="no" allowfullscreen=""></iframe></p></div><div><p>LISTEN TO THE PODCAST: <a href="https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot">https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot</a></p></div><div><p> </p></div></div>HexCon22 – Two Cybersecurity Value Aspects You Are Missinghttps://www.cisoplatform.com/profiles/blogs/hexcon22-two-cybersecurity-value-aspects-you-are-missing2022-09-02T17:45:31.000Z2022-09-02T17:45:31.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/yA70fjQ9tHY" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="StyledElement___StyledDiv-sc-2e063k-0 fIRhWq slate-p"><span>I am excited to be speaking at HexCon22 about how CISO's must improve their ability to showcase relevant outcomes and quantify cybersecurity value in ways that align to the overall business goals of the organization!</span></p><p class="StyledElement___StyledDiv-sc-2e063k-0 fIRhWq slate-p"><span>I will be highlighting two areas that are often ignored when trying to deliver the maximum value for cybersecurity!</span></p><p class="StyledElement___StyledDiv-sc-2e063k-0 fIRhWq slate-p"><span>Register for free and join the online conference Sept 21st-23rd!</span></p><p class="StyledElement___StyledDiv-sc-2e063k-0 fIRhWq slate-p"><a class="slate-LinkElement ant-popover-open" href="https://www.hexnode.com/events/hexcon22/register"><span>https://www.hexnode.com/events/hexcon22/register</span></a></p></div>3 Tips to Maximize Cybersecurity Valuehttps://www.cisoplatform.com/profiles/blogs/3-tips-to-maximize-cybersecurity-value2022-07-11T18:33:22.000Z2022-07-11T18:33:22.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10638867854?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/ZvIC7XBB7dA" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">Delivering maximum value is a momentous challenge for cybersecurity organizations. It takes a decisive effort to organize and prioritize the proper goals that are meaningful to the business, and establish operational excellence to deliver effectiveness and efficiency. But running a good risk program that manages the defensive posture by addressing internal vulnerabilities is not enough. There are external factors that have a profound impact on the likelihood of attack and business factors that matter to the executive suite which could represent a competitive advantage to the corporate bottom line.</p><p class="graf graf--p">Here are my 3 tips to strategically enhance a cybersecurity team’s long-term value-proposition to the organization.</p><p class="graf graf--p">It comes down to three tiers of progress. Build, Compare, and Compete.<br />First, we must build a sustainably effective, comprehensive, and highly efficient cybersecurity capability. This is the most important step that every cybersecurity leader works towards on a daily basis.</p><img class="graf-image" src="https://cdn-images-1.medium.com/max/800/1*ORMERmT4p7HDHUMIQdCABA.png" alt="1*ORMERmT4p7HDHUMIQdCABA.png" /><p class="graf graf--p">Although the core of this work is fundamental to our operational existence, we need to pay attention to aspects often ignored, including the concept of aligning efficiency to financial optimizations and disproportionate resource allocation weighted to the most likely attacks. It is also crucial to see cybersecurity as a never-ending endeavor that must be incorporated into the overall everyday business processes and goals.</p><p class="graf graf--p">Sustainability is another key objective that is often overlooked while distracted by short-term battles. CISOs must plan for financial constraints, evolving threats, shifting technology landscapes, confusing regulations, and rising expectations of security to ensure longevity. Cybersecurity cannot continue to impose ever greater expense, friction, and frustration on the organization. A breaking point will be reached if proper strategic planning is not employed.</p><p class="graf graf--p"><br />Second, and this is where we diverge from what most CISOs focus upon, is about Comparing your organization to others in your sector. We must understand the attacker’s perspective. When they look for their next victim, they are evaluating who is best to target. By looking at your organization in contrast to others, you can understand how you appear in the landscape, and if you are in the pack or falling behind. You don’t want to be the easy prey.</p><p class="graf graf--p">Third, cybersecurity in operations, products, and services is becoming a Competitive advantage in many fields. The expectation of digital security, privacy, and safety, is rising as a purchase and loyalty factor with consumers. This is where cybersecurity can help the organization compete and therefore contribute to fulfilling the business goals (like revenue, market share, upselling, and more).</p><p class="graf graf--p">Cybersecurity can be a differentiating factor in many ways, including non-traditional competition. Savvy companies like Apple and Microsoft are maneuvering to improve their bottom line! Cybersecurity has the opportunity to not only enable, but contribute to corporate goals. Explore the potential and align as necessary to deliver value in new ways!</p><p class="graf graf--p"><br />Those are my 3 high-level tips to maximize cybersecurity value. By achieving success in these domains, you will be far ahead of others in being able to communicate sustainability and value for your cybersecurity program.</p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">Drop me a note if you need help or have questions. To learn more in-depth about each area, subscribe to my <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">Cybersecurity Insights channel</a> where I will be posting videos and interviews that detail the challenges and best practices.</p><p class="graf graf--p graf--empty"> </p></div>Biggest Challenge in Cybersecurityhttps://www.cisoplatform.com/profiles/blogs/biggest-challenge-in-cybersecurity2022-06-27T18:35:04.000Z2022-06-27T18:35:04.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10599452666?profile=RESIZE_400x&width=400"></div><div><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj" style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/jjmWbOQ5iQw" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">In the next few years, the biggest challenge in cybersecurity won’t be dealing with a specific threat, but rather conveying a meaningful value proposition throughout the organization, and especially to the C-suite and board. It is key to the sustainability of cybersecurity and perhaps our biggest blind spot!</p><p id="c929" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Articulating value has always been hard, but two major factors are emerging to exacerbate the problem.</p><p id="e277" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">First, the economy is in a downturn. We can expect a tightening of budgets and spending not related to revenue generation. This is a problem for cybersecurity and privacy, which are often seen as a cost center or an expense, that can be trimmed during lean budgetary times.</p><p id="b03d" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Secondly, the cost of cybersecurity continues to rise every year. We typically see 12% to 20% annual budget increases, and now a recent study showed a shocking 60% growth in budgets last year. This financial demand is not sustainable year-over-year for businesses. And realistically we don’t see an end in sight.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Quantifying the value of security has always been difficult, but now more than ever cybersecurity must align itself to enable and deliver meaningful contributions to the overall business goals and definitively convey this value to secure continued investment and support.</p><p id="f3de" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Failure to do so will undermine executive backing and that is a downward spiral when faced with ever-growing threats. It is a road that will lead to disaster, disillusionment, blame, and further disruption to the capacity to prevent future from future cyber-attacks.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">That is why the cybersecurity leadership, across all sectors, needs to begin maneuvering to optimize efficiencies, align to deliver outcomes that contribute to the business goals, and clearly articulate the overall value proposition.</p><p id="cd27" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Those who fail will be fighting an uphill battle for funding and executive support that only shifts when really bad things happened. And that is not a good business model.</p><p id="c5e0" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">I’m going to be talking more about the challenges of communicating cybersecurity value in articles, blogs, videos, and when speaking at conferences, like I did recently during the SPHERE2022 conference, because it is so crucial to the durability of cybersecurity. This will be the next big challenge for CISO’s and there is a lot to unpack around the risks and opportunities.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">As always, come join me on the Cybersecurity Insights channel for more discussions and industry analysis. The link is below.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj"><a href="{{#staticFileLink}}10599452891,RESIZE_930x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10599452891,RESIZE_710x{{/staticFileLink}}" width="710" alt="10599452891?profile=RESIZE_710x" /></a></p><p id="a5d4" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Link to the Cybersecurity Insights channel: <a class="au tl" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p></div>Cybersecurity Costs Skyrocket 60%https://www.cisoplatform.com/profiles/blogs/cybersecurity-costs-skyrocket-602022-05-19T01:36:24.000Z2022-05-19T01:36:24.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10499592088?profile=RESIZE_400x&width=400"></div><div><p>Per the 2022 Hiscox Cyber Readiness report (survey), #cybersecurity spending increased 60% and median costs of incidents have risen 29% in the past year! This is not sustainable! Something must give if organizations are degrading at these rates. </p><p> </p><p>It is unavoidable that the cybersecurity industry will face many hard discussions regarding the showing and maximizing value to an organization. </p><p> </p><p><a href="https://www.hiscoxgroup.com/cyber-readiness">https://www.hiscoxgroup.com/cyber-readiness</a></p></div>Cybersecurity Value is About Protecting Intangible Assetshttps://www.cisoplatform.com/profiles/blogs/cybersecurity-value-is-about-protecting-intangible-assets2021-01-14T19:44:10.000Z2021-01-14T19:44:10.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><iframe width="560" height="315" src="https://www.youtube.com/embed/WyLl3d5sTiU?wmode=opaque" frameborder="0" allowfullscreen=""></iframe></p><p>Intangibles now account for 90% of the S&P’s total assets and it is no accident that the core of cybersecurity has evolved to protect those aspects of the business. It is a natural progression for security to align with protecting the most important assets. This is a crucial element when communicating the value and relevance to audiences. </p></div>