It was a Friday date night out with my Boss, who happens to be my wife. Yes, my wife is the true Boss I answer to in this world. We were heading to WinStar World Casino and Resort in Oklahoma from Texas. I’m sure by now you know whose idea it was to head to WinStar. We were in the car, when I got a call from the President/CEO of a well-known company. In a worried voice he says, “I think we have been hacked.” I ask, “why?” He explains, “because we are receiving multiple VPN logins from all over the world, and at all kinds of odd hours.”
You can imagine the vexation that was building in my car. But that is why I have the perfect Boss, because she understands Cybersecurity is my life’s work and not a job. If there is one phrase CEO, CISO, Executives, and Cybersecurity practitioners always hear from me is, ‘Cybersecurity doesn’t exist in a vacuum, we must always be prepared.’ Of course, I got right to work and started contacting my ‘threat hunting team.’ My team has some of the best and brightest minds in the world, from pure computer scientists, networking to system administrators, sociologists, and physiologists. Many ask why sociologists and physiologists are part of the team. And my answer is simple- ‘intrinsically, cybersecurity is a people problem.’
Why does a CISO need a panic war room?
‘Secret attacks are like a picnic table of goodies for our enemies’ was quoted by General Natonsk, in his panic room, during the First Battle of Fallujah, code-named Operation Vigilant Resolve, an operation against militants in Fallujah.
As seen above, a panic room is a safe room that people can strategize during a battle. I believe that CISO’s need to have the same safe place to combat any emergency caused by cyber criminals. In that room, CISOs must have the right decision makers, such as threat hunting team, a strong plan in place and a leader like General Natonski in the room, to ascertain the appropriate panic in the room, and use a risk-based approach to navigate the threat landscape, just like a strategic general in war time.
MORE ABOUT THE PLAN
What is essential to remember is that a proper plan must be laid out before anyone gets into the room. Even Napoleon appreciated the role of planning, when he said, “Nothing succeeds in war except in consequence of a well-prepared plan.”
A CISO’s plan cannot be rigid and institutionalized leading to lockstep and inflexibility. Some of the best CISO’s plans I have written are the plans that are partial approximation solutions, and flexible to refine these solutions over time, even after the initial solutions have been executed. Having a solid plan in place can’t be overstated before we get people into the Cybersecurity war/panic room, especially to reduce the pressure and panic. George S. Patton. Jr put it perfectly “A good plan violently executed now is better than a perfect plan next week.” A great strategy wins every time.