SEC New Regulations - I Present the Cybersecurity Advocatus Diaboli (Devil’s Advocate).
The office of the Devil's Advocate, known in Latin as "Promotor Fidei" or "Promoter of the Faith," was originally introduced by the Roman Catholic Church in the thirteenth century. The role of this office was to critically scrutinize the life of, and miracles attributed to, an individual proposed for sanctification or canonization. One might ask what the new SEC cybersecurity rule has to do with a thirteenth-century Roman Catholic rule.
Either in previous writings or when briefing executives and corporate strategists, I have always held the position that today’s cybersecurity challenges are not necessarily technology problems, but rather issues of business and people. I emphasize that just adding ineffective cybersecurity tools to an enterprise defensive posture is not enough. To bolster my position, I would generally present a proposition in the form of a question: “If most organizations that have fallen victim to a cybersecurity incident still have an average of 35 different security tools, why didn't they work?”
A Cybersecurity Advocatus Diaboli is a knowledgeable insider who has the Board's backing to step outside of the corporate political operations and objectively evaluate an enterprise cybersecurity posture to identify any gap that would affect the company’s bottom line. Organizations should always remember that no cybersecurity posture or strategy is complete without the threat actors’ perspective. The premise of suggesting the use of the Devil's Advocate here is to challenge the day-by-day, minute-by-minute cybersecurity posture of any given organization.
Today’s cyber threat landscape is dynamic and very complex. CISOs and executives around the world are faced with complex choices and strategic dilemmas. Organizations can get fresh, alternative introspective and retrospective perspectives from a Cybersecurity Advocatus Diaboli who will test and reveal unfounded cybersecurity presumptions. But most importantly, having a devil’s advocate, an outside perspective, will improve an organization’s cybersecurity posture.