Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Defence from an attacker’s view: Rethinking traditional approaches to cyber security
Cyber Security: A Peer-Reviewed Journal,
8
(4),
348-360
(2025)
Abstract
In many organisations, cyber security is considered to be an information technology (IT) problem. However, the traditional relationship between IT operations and cyber security teams, where one is focused entirely on carrying out business-as-usual activities and maintenance while the other attempts to prevent cyberattacks, is outdated and leads to an increased cyber risk for organisations. These long-held views and failure to fully integrate current cyber security methodology and principles into IT-related business processes not only increases the likelihood of a successful cyberattack but exacerbates the resulting damage. It is not possible for organisations to prevent every attempted cyberattack; instead, organisations should expect and plan for breaches. This paper explains how implementing an assumed breach paradigm and combining the knowledge of IT operations and cyber security teams to form a combined CyberOps function can help close gaps in defence and incident response preparedness.
Keywords: cyber security; IT operations; cyberattacks; cyber risk; cyber security methodology; breach plan; breach paradigm; CyberOps; incident response preparedness
The full article is available to subscribers to the journal.
Author's Biography
Jonathan Freedman is Head of Technology & Security at Howard Kennedy, where he oversees technology while ensuring security. With over 20 years in the professional services industry, Jonathan has accumulated a robust technical knowledge which covers network infrastructure, security technology, virtualisation and cloud-based applications. He has most recently been looking into deep into machine learning (ML) technologies, including Azure artificial intelligence (AI) services and large language models (LLMs). Outside of Howard Kennedy, Jonathan volunteers as the Head of Information Security at the Cyber Helpline, helping the charity make a tangible difference in the community. Jonathan’s passion for technology spills over into his free time; he is a tech enthusiast who loves tinkering in his home lab, relishes mentoring and teaching his team and is known for his ability to explaining complex tech concepts in a business context. He also speaks at industry conferences, about topics ranging from cyber security to the latest technological advancements. Along the way he has collected professional certifications including CISSP, CISM, CCISO, CGEIT, CEH, CIPM, TOGAF, ISO27001 and ISO42001.
