Executive Strength in Digital Cybersecurity Leadership

Morey Haber, Chief Technology Officer
March 5th, 2018

According to TechTarget, Digital Leadership is, “… the strategic use of a company’s digital assets to achieve business goals. Digital leadership can be addressed at both organizational and individual levels.” What fundamentally makes this important is the type of business an organization performs. For an architectural firm, it might be the electronic production of drawings, or for a hospital, the electronic storage of patient records and even computerized medical equipment. Organizational leaders need to leverage these results to excel in business, provide competitive differentiators, and understand how they can provide tools for business to achieve objectives.

For information technology security professionals, there is a small twist to this definition. And, it is true for every single organization that uses information technology. After all, that’s pretty much everyone even if you do not have a CISO. Digital Security Leadership is the capability to leverage an organization’s cyber security defenses for more than just protection. Businesses typically deploy firewalls, antivirus, VPN, vulnerability, patch, privilege, and other solutions to combat cyber threats. The question becomes, how these can be used to achieve business goals?

Ensuring Business Continuity

Any unforeseen interruption in the business can cost thousands or millions of dollars per hour due to the loss of revenue, services, or even because of penalties. Cybersecurity should not be viewed as financial drain, but rather a tool to ensure business continuity. In the end, it safeguards the workflow, services, and processes your business provides from threat actors that may want to disrupt, compromise, or even leverage your resources for their own financial or malicious gain. An executive that embraces information technology security for enabling business sustainment versus throwing away money because of a threat will understand how the tools can strengthen the business.

Supporting Business Strategy

Information technology security solutions are often purchased to counteract a threat or satisfy a regulatory audit finding. The truth for executives is that these purchases are generally reactive and not strategic. There is typically no long-term plan to ensure sound cybersecurity hygiene, vendor preference, or even correlation with other departments and their tactical visions and product development.

Digital Security Leadership involves a long term cybersecurity strategy. A strategy that ensures the foundation of defenses remains solid, maintenance is performed on a regular basis, including updates, the replacement of end of life systems, and most importantly it aligns with the other business initiatives that leverage information technology. This implies security teams be involved from the initial conception of a new idea all the way through its release to validate and harden that the new initiative cannot be leveraged against the business. Therefore, the businesses strategy should include digital security leadership from cradle to grave to support the business and even the new offerings need resilience against threats.

Enabling Regulatory Audits

Regulatory audits often dig deep into an organization looking for improper or unauthorized transactions, inappropriate practices, and errant procedures. When it comes to cybersecurity, it is often related to fraudulent activity due to insider or external threat actors. Once an event is identified as suspicious, an investigation occurs. Determining the details based on electronic events and homing in on an Indicator of Compromise (IoC) requires a well-defined cybersecurity practice and a reliable installation for log collection.

This is where Digital Cybersecurity Leadership comes into play. The data needed to prove, refute, or legally charge a person or entity with a crime comes from the information technology data collected and the integrity of the data. This is where cybersecurity solutions become more than just a defensive technology. Its data merged with operational logs becomes the foundation for an investigation a key component to detect fraud and support efforts used by auditors. A good security solution enables all levels of the business including auditors and investigators.

Digital Cybersecurity Leadership is an executive’s ammunition to create a culture and tools that expand beyond cyber security defenses. It promotes the solutions for other mission critical purposes within the business and allows other teams to understand that they have benefits far beyond just protecting against the latest hack. If teams can embrace cyber security from leadership on down, then the benefits may far extend the occasional inconveniences many employees experience from day to day. It takes a strong leader to change the culture of an organization and security leadership starts at the top and not just annoying expense.

Contact us today for a customized cybersecurity planning session.

Morey Haber, Chief Technology Officer

With more than 20 years of IT industry experience and author of Privileged Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology for both vulnerability and privileged access management solutions. In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelors of Science in Electrical Engineering from the State University of New York at Stony Brook.