Democratized Security and the Role of Network Admins
2024-10-1 22:15:0 Author: securityuncorked.com(查看原文) 阅读量:6 收藏

I don’t believe there’s a heavy dividing line between networking and security. In fact, I think IT operations is, in fact, a critical part of cybersecurity, which means that every IT professional is also a security professional. Or, they should be.

But, organizations often work in silos — sometimes loose constructs on an org chart, but other times heavily divided in both task and culture. Networking and IT teams often aren’t involved in critical security architecture decisions, yet they remain the best resource an organization has for making a cybersecurity project succeed.

I believe in the extreme democratization of security and the tight integration, especially, of networking and security. One of my driving passions for over a decade has been to “bridge SOC and NOC”, which is just my shorthand way of saying I facilitate breaking silos and building meaningful communication between security and networking.

The consulting, advisory, and training services I offer all center around this concept. The idea that security truly is a team sport and we’re all in it together.

To that end, I’ve added two endeavors tightly aligned with this objective. A new podcast, and a new training program.

The New Podcast- Packet Protector

When the Packet Pushers team said they were interested in more security content, I was all ears. They have a huge and active community of networking professionals, and some ungodly high number of listeners in their family of podcasts.

So February of 2024, we started Packet Protector — the podcast at the intersection of networking and security. My co-host, Drew Conry-Murray, and I release episodes weekly. You can listen and subscribe with your favorite podcast app at https://packetpushers.net/podcast/packet-protector.

The New Training Program – CISO Launch®

The other way I can help move the needle is to better educate IT leaders on the ways of the cybers. Many (most?) organizations operate without a dedicated or qualified CISO and don’t have talent within the organization that can successfully build a cybersecurity program from scratch. But, not all IT leaders need or want to take on the CISO role, and some just need to make better cybersecurity-informed IT decisions.

“We hired a firewall engineer to help review logs.”

Some of you reading this will laugh, but this is the exact sentence I’ve heard from scores of organizations looking to dip their toe into managing cybersecurity within the IT organization. They don’t know where to start. In the world of IT and networking, firewalls are often correlated with “security” and so it seems the obvious choice for those leaders. If it’s not already obvious, let me tell you now that hiring a firewall engineer to review logs is not the best way to start your cybersecurity program and it’s highly unlikely to yield any benefit at all.

This is why I created the CISO Launch® training program. It’s not for CISOs, it’s for IT leaders who need to incorporate cybersecurity into their program. It kinda’ reminds me of Zoolander’s School for Kids Who Can’t Read Good. It’s JJ’s School for IT Leaders Who Can’t Cyber Good (yet)!

In preparation of a 2025 launch, I taught a short one-day CISO Launch Crash Course at the InfoSec World conference September 2024. It was not only extremely well received, but equally rewarding for me. The flagship CISO Launch program is a multi-month program with small cohorts, delivered virtually in bite-sized weekly sessions. It focuses on how to identify needs, prioritize tasks, build a sustainable program, and streamline workflows and resources so that already over-burdened IT pros won’t just have more thrown on their plate. In the end, CISO Launch enabled IT leaders will be able to focus their teams’ energy so they’re doing less but more impactful work.

Sometimes people tell me I “juggle a lot” and am doing “all sorts of things” but the reality is I’m very clear on my mission and vision, and bridging security and networking is a passion that I pursue in many ways.

###


文章来源: https://securityuncorked.com/2024/10/democratized-security-and-the-role-of-network-admins/
如有侵权请联系:admin#unsafe.sh