Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Chief Information Security Officer best practices for 2018: Proactive cyber security
Cyber Security: A Peer-Reviewed Journal,
1
(4),
361-367
(2018)
Abstract
Cyber adversaries are adapting to the enterprise rush to include new features, add cloud and cut costs faster than IT teams are able to secure them. This cyber security paradox creates an opportunity whereby cybercriminals and adversaries only need to be right or ’lucky‘ once in an attack, while cyber defenders must be ’right‘ every time. Yet, despite the high priority of security in nearly every industry, breaches continue to make headline news. Despite effective solutions to mitigate or eliminate those threats, IT and security teams are fighting a losing battle, as the need for new features is often prioritised over the requirement for security. This paper examines these cracks in the organisational struggle for security and their root causes, and offers a practical perspective on how to achieve better defence through training, balancing processes and leveraging the right technologies to decrease attack vectors and build a proactive security process that is better prepared for current and new threats.
Keywords: AI; machine learning; fileless malware; ransomware; destructive malware; training; CISO; BISO; crypto-coin mining; proactive cyber security; cyber security process
The full article is available to subscribers to the journal.
Author's Biography
Travis Rosiek has nearly 20 years‘ experience in the security industry, he is a highly accomplished cyber defence leader, having led several commercial and US Government programmes. He is known for developing and executing strategic plans to build the technical capacity across product development, quality assurance, technical marketing, professional services and sales engineering. Prior to his role at BluVector, he held several leadership roles, including CTO at Tychon and Federal CTO at FireEye, as well as senior roles at CloudHASH Security, McAfee and the Defense Information Systems Agency (DISA).
