I recently joined our ShadowTalk podcast to discuss 2019 planning and prioritization. If you listen, you will notice that I’m loath to refer to January planning as “New Year’s resolutions” since you know what happens to those resolutions. Three weeks into the month, they have faded into your distant memory. Quick question though, if you eat an entire box of Girl Scout Thin Mint cookies in one afternoon, does that break any of your New Year’s resolutions? I’m asking for a friend. Healthy eating failures aside, here are some of the 2019 CISO topics that are important for us.
It isn’t an exercise we do at the last quarter and first quarter of a year. Continuous strategic planning is the name of the game. Our risk management process feeds into our strategic planning on a quarterly basis.
This will help keep your security program on track. How many alerts, intrusions, audits does it take to get your program off track? Not very many. If you build out your calendar for the year and then hold yourself and your team accountable for sticking to it, you are more likely to have success in your program. Even if you are only able to stick to 70% of your calendar, you will still be in a better place than if you didn’t establish the framework. Here are some of the items I like to build into our annual security and risk playbook:
This phrase has become a mantra for me ever since I wrote about it while at Forrester Research back in 2012. I define Expense in Depth as: the multilayered approach to ensuring minimal return on investment. See “Expense In Depth And The Trouble With The Tribbles” for more details. Here is how we avoid Expense in Depth:
This is my analogy for “eating your own dog food,” or “drinking our own champagne” as Wendy Nather taught me. BBQ sounds much better to me than dog food. Our team has a great service with SearchLight, and we need to take full advantage of it. We also have a great tool with ShadowSearch, which we use for external enrichment of our investigations. It doesn’t cost me anything to use them, and I get great visibility into my external digital risks.
Figure 1: Using ShadowSearch to track mentions of Digital Shadows on criminal forums, dark web sites and messaging applications
If we didn’t spend another dollar on technology, would we be OK for 2019? Of course, I do have new technology that will be added to the stack this year, but I want to focus on improving the program. Some of the key focus areas for me:
I have no illusions that employees will be working at Digital Shadows forever. Losing staff is inevitable, people move on; however, it is our job to foster an environment that retains staff for as long as possible. I want to understand our team members’ goals and aspirations and figure out a way to help them achieve them. Here are some ways in which we do that with our team:
I’m sure I won’t meet all of the goals I have listed here; however, just the act of capturing them and building them into our 2019 playbook sets us up for success. Each quarter we will revisit them and adjust as needed. If you have some suggestions on your strategic planning, I’d love to hear from you.
For more on my CISO 2019 plans, listen to the full episode of ShadowTalk: CISO Spotlight: Security Goals and Objectives for 2019.