{"id":6096,"date":"2024-11-05T09:00:00","date_gmt":"2024-11-05T15:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/how-win-cyber-influencing-people"},"modified":"2024-11-05T09:00:00","modified_gmt":"2024-11-05T15:00:00","slug":"how-to-win-at-cyber-by-influencing-people","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/05\/how-to-win-at-cyber-by-influencing-people\/","title":{"rendered":"How to Win at Cyber by Influencing People"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/bltbf462bae8413394c\/672a333ea41d7f142a2bfbca\/Zero_trust%281800%29_Alexander-Yakimov_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">COMMENTARY<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Knowing you would like to implement zero trust and <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cloud-security\/executing-zero-trust-in-the-cloud-takes-strategy\" rel=\"noopener\">actually implementing it<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> are two different things. That&#8217;s at least in part because zero trust is not a single solution one can install and walk away from. Rather, it&#8217;s an approach to IT and security that <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/remote-workforce\/nsa-s-zero-trust-guidelines-focus-on-segmentation\" rel=\"noopener\">emphasizes validating every connection<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, whether it&#8217;s user to app, app to app, or process to process. The advantages are clear though: a reduced attack surface; lateral movement across a network by attackers is prevented; and each and every access to any corporate resource is granted on a per-request basis.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In short: Never trust, always verify. &nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/endpoint-security\/zero-trust-takes-over-63-percent-of-orgs-implementing-globally\" rel=\"noopener\">Many of the challenges associated with a large initiative like zero trust<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> are not technical issues, but rather relate to driving change. There are significant interpersonal and organizational components to adopting this approach that must be carefully considered. Over the course of my career \u2014 most recently as chief technical officer (CTO) for GE and Synchrony Financial \u2014 I had the opportunity to work on many &#8220;big word projects,&#8221; including AI, cloud, and of course, zero trust. What follows are some of my top tips for ensuring you win at cyber by influencing key stakeholders within your organization. &nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"How to Win at Cyber in Five Easy Steps\">How to Win at Cyber in Five Easy Steps<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">1. Organizational Partnership<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Zero trust is a team sport. Successfully executing a zero-trust transformation requires understanding all the personas involved and aligning on intended outcomes.&nbsp;&nbsp;<\/span><\/p>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"8.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"12\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The CTO is focused on the infrastructure: design, maintenance, configuration, execution, and tech strategy.&nbsp;<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"10\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The chief information security officer (CISO) knows and owns the security strategy, security execution, and monitoring.&nbsp;<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"9\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The chief information officer (ClO) is focused on the technologies and applications of the organization, overseeing the people and process aspect of transformation and day-to-day operations.&nbsp;<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The risk leader confirms the technology group is covering all the risks to the organization and end consumer.&nbsp;<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Bringing the CTO and CISO together on a common goal of zero trust and then inviting the risk leader along on the journey is a huge step in your success. Establishing a rhythm of these leaders with the CIO brings it all together. These roles might be slightly different in your organization, but understanding each stakeholder&#8217;s role and connecting them before the project begins is key.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">2. Communication and Board-Level Metrics<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Once key leaders are aligned behind your zero-trust initiative, you need the backing of your board. This won&#8217;t be accomplished by lengthy, wonky discussions of the underlying technology you hope to implement. Instead, boards want to understand your organization&#8217;s risk exposure, and how you intend to manage it.&nbsp;&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The ability to demonstrate a comprehensive <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/fico-us-chamber-of-commerce-score-cyber-risk-across-10-sectors\" rel=\"noopener\">risk score<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> is a powerful asset for establishing a baseline and reporting on progress over the course of what is likely to be a multistep, multipronged zero-trust deployment journey. Once you&#8217;ve established this score, continue to revisit it along each phase of your initiative to demonstrate maturity backed by real-world data from your environment.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">3. Phased Deployment Plan<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It&#8217;s no accident we speak about zero trust as a journey, one that rarely unfolds along a straight line. Transformation initiatives often begin in response to a stimulus \u2014 implementing a VPN replacement or incorporating a new acquisition into existing IT systems, for example \u2014 and then maturing over time. &nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">One thing is critical, though: Develop a plan that incorporates individual use cases into an overarching strategy for deployment. A phased deployment allows stakeholders to avoid the feeling of needing to &#8220;accomplish&#8221; zero trust overnight. The first project will doubtless be the most difficult; it gets easier from there.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">4. Pragmatic Technical Deliverables<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Throughout my career I have encountered a number of CIOs with impeccable strategic instincts who nevertheless struggle to translate them into pragmatic deliverables. When we&#8217;re dealing with complex, sometimes nebulous concepts like AI, the cloud, or zero trust, it&#8217;s easy to get lost in the weeds. &nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It&#8217;s critical that tactical actions like a VPN replacement are framed in terms of the business problems they solve. I return to the VPN example because it is a perfect illustration of enhancing security and the user experience, making it a model IT solution for a business issue. Users become more productive and benefit from a smoother experience, the opportunity for lateral movement is reduced, and cost savings are likely to accrue.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">5. Fix the Basics<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It may sound simple, but it&#8217;s a critical point that I have often seen overlooked. Tackle the low-hanging fruit, or threat actors will do it for you. So, what are the basics? Phishing not only remains the number one threat vector facing most organizations, it&#8217;s also only solvable by creating a culture of security within your organization. I don&#8217;t mean in terms of high-tech solutions, but by fostering basic cybersecurity literacy organization wide. With the advent of AI-assisted pretext creation, this will only become more critical in the near future.&nbsp;&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Zero trust is a mature approach that will up-level your organization&#8217;s security. If you haven&#8217;t yet started out or if you are simply looking for a more complete implementation, I hope you find this advice useful.&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/how-win-cyber-influencing-people\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>COMMENTARY Knowing you would like to implement zero trust and<\/p>\n","protected":false},"author":12,"featured_media":6097,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/how-to-win-at-cyber-by-influencing-people-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6096"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6096\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6097"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}