Travis Wong, Resilience’s VP of Customer Engagement, and Tas Jalali, Head of Cybersecurity at AC Transit, discuss cyber insurance and business objectives.
by Nikhil Chawla
Much of operational security (SecOps) involves investing in, deploying, and managing controls and their aftermath. When those efforts tie to a bonafide security strategy we call them tactics. Apart from a strategy, SecOps efforts are at best compliance processes or at worst security theater. What makes a security strategy meaningful? A business objective. The objective we are proposing for the industry is: Making The Business Resilient To Material Losses. That objective drives goals, strategy and tactics. It’s how a companies executives, board, and security practitioners can create a business that is “Cyber Resilient By Design.”
In our first post, we established why comprehensive vendor discovery matters and how most organizations approach it incorrectly. Today, we’re diving into the practical mechanics: the seven data streams that can reveal vendor relationships hiding in your existing systems. The key insight is to start with data you already have rather than surveys or questionnaires. […]
Getting executive sign-off on a new control? Hard. Getting peer buy-in on security initiatives when they don’t report to you? Harder. In modern organizations, cybersecurity professionals often find themselves in the ultimate matrix of organizational challenges: you need buy-in from every department within the organization – operations, sales, HR, and finance – but none of […]
The average enterprise relies on hundreds—sometimes thousands—of third-party vendors to operate. Yet when security leaders are asked for a complete inventory of these vendors, the response is often a patchwork of spreadsheets, outdated procurement lists, and educated guesses. This vendor blindness isn’t just an operational inconvenience—it’s a critical business risk that’s becoming increasingly expensive to […]
Spotify
Apple Podcast
Google Podcast