Came across a series of interviews on Misti.com. There are currently 4 parts, and there might be more. Each part focuses on another professional in infosec: Christy Wyatt, CEO of a security firm; Kristy Westphal, Security Manager; Summer Craze Fowler, Technical Director of Cybersecurity Risk & Resilience; and Georgia Weidman, CTO.
They’re all good interviews, but I have to say I like the Westphal interview the best. Some good, pragmatic insights. Though the Fowler interview has some amazing insight as well!
Focusing on operational resilience rather than solely on cybersecurity is critical. Operational resilience is the ability to achieve objectives before, during, and after a disruptive event, and then return to normal operating condition as quickly as possible. We do not want to protect our digital assets for the sake of protection alone—we are doing this in support of business/organization objectives. Cybersecurity should not be a “bottom up” activity, and it should start with the top organizational mission/objectives. Bridge the gap between business and technology using risk-informed decision making!