The cyber community has never known more than we know today, nor has it had more funding and sophisticated technology.
Yet incidents and breaches continue. The harsh reality from cyber forensics is that most incidents and breaches are self-inflicted. And state-sponsored attacks by rogue states and their proxies are more intense.
In business terms, you lose customers, competitive edge, time to market, and most assuredly, suffer heavy costs and burnout. Mighty companies fall due to structural flaws and group think, as in Jim Collins’ “How the Mighty Fall.” They fail to quickly adapt proven methods and stay ahead of competitors.
Cyber teams are also failing to adapt quickly and stay ahead of enemies. Financial-reporting style control structures were never relevant, structurally sound or reliable. And people, process and technology can be misapplied.
How can this be?
Perhaps the main reason is that cyber pros – caught between structural flaws, flawed controls and policies, and group think – are simply not taking advantage of terrific and proven methods. There are “Good to Great” methods that drive strong business outcomes and are easily applicable to managing cyber risk.
Cyber success, like business, requires tools designed for the dynamic and chaotic cyber system. Tools designed for more static systems, such as financial reporting-style controls (ICFR), naturally break when applied to the dynamic cyberworld. In business, poorly designed product management and controls lead to miserable sales. In cyber, rigid frameworks and the illusion of adequate controls and policies lead to breaches and low resilience. You are vulnerable, no matter how hard you work to fix implementation.
Yet it was another single piece of information that really hit us hard. After questioning audiences at conferences for over a decade, we found that only about 1% of attendees take away an idea that they implement in the next year. Of those, some stated it was only a minor improvement. With that stark reality, it is no surprise that incidents and breaches continue, costs remain high and cyber teams are burnt out. In short, cyber people face a treacherous climb.
We believe that by going through this site, thinking through the implications – taking time to learn more through the online courses – you can gain what you need to make your cyber world more secure and your life easier.
Brian Barnier is the co-founder of Think.Design.Cyber and the think-tank, CyberTheory Institute that bridges the gap between boards, business leaders, cybersecurity leaders and compliance. He is an avid sailor with a distinctive career spanning: cybersecurity, technology, risk management, new product innovation and financial services regulation.
Brian has pioneered critical, systems and industrial design thinking in the cybersecurity discipline and the use of life-like scenario analysis to address critical issues of evolving threats/attacks, eliminate bad methods that cause breaches, waste money and resources and burnout cyber pros, affecting culture and retention.
He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011) used as a textbook by the London Institute of Banking & Finance. In 2020, Brian’s paper with expert Prachee Kale, “Cybersecurity: The Endgame -- Part 1” was honored as the 2020 Article of the Year in the Taylor and Francis EDPACs journal.
Brian has earned coveted achievement awards from ISACA organization’s two most significant chapters. In 2021, he earned the highly distinguished Joseph J. Wasserman Award presented by ISACA New York Metro Chapter. In 2015, he received the V. Lee Conyers Award from ISACA Greater Washington DC.
Brian is a sought-after keynote speaker and facilitator. He conducts board member trainings, outcomes accelerator workshops for cybersecurity organizations and has recently launched coaching for introverted cyber professionals to empower them to become business leaders. He has taught via the Federal Reserve, OCC, FHFA and FFIEC. He has a “Design Thinking for Cybersecurity” course coming soon on CyberEd.io.
Deep in professional guidance, he is a co-author of ISACA’s Risk IT and COBIT, and the Shared Assessments Program. ISACA's IT Audit Framework 2020 points to his work in risk assessment. He is one of the first three “Fellows” of OCEG (the Open Compliance & Ethics Group), the organization that created “Governance, Risk and Compliance”, and served on the Red Book committee (the definitive GRC guidance). Brian is also a contributor to Risk Management in Finance (Wiley, 2009) and Risk and Performance Management: A Guide for Government Decision Makers (Wiley, 2014).
At Lucent Bell Labs (Nokia) and AT&T he led teams to 9 patents. At AT&T he led a groundbreaking internal security initiative to enable new product sales. At IBM he launched the first secure distributed messaging software, created the security as a process solution team, co-founded the GRC community of practice and was the #1 FinTech blogger.
At the City University of New York, he teaches a graduate seminar in data analytics viewed as #1 by several organizations. Previously, he taught at the graduate level at several universities.
Prachee Kale is the co-founder of Think.Design.Cyber, a Founding Executive Fellow of CyberTheory Institute and a multi-disciplinary professional with a 17-year, "4D" career spanning: Cybersecurity & Tech, Business Strategy, Diversity & Inclusion and Executive Coaching.
Prachee’s current work is focused on 1) coaching introverted cyber professionals (who account for 60%+ of cyber workforce) to build their brand and become strong leaders without changing their personalities and, 2) bringing critical, systems and design thinking to cybersecurity organizations so they can accelerate Zero Trust implementation, drive demonstrable business outcomes and cost savings, improve culture and reduce burnout.
She is the creator of the “Design Thinking for Cybersecurity” online course, soon to be launched on ISMG’s CyberEd.io education platform.
Her article “Cybersecurity: The End Game Part 1” in the Taylor and Francis EDPACs journal was honored as “2020 Article of the Year.”
In cybersecurity, she has managed strategic investments of over $150 million, reduced spend by 20+%, eliminated antagonistic culture and demonstrated a 90% retention rate for more than 3 years. Prachee’s business strategy experience comes from working on business and ops/tech transformations, enterprise risk and regulatory mandates, in management consulting and the World Bank.
As a leader in the DEI dept., she is accelerating diversity and ESG initiatives. Prachee is the Executive Sponsor for the Women Leaders program focused on increasing representation of women of all backgrounds.
She earned an M.S. in Bioinformatics from George Washington University, which is about building tech for biological research. She wrote code, conducted scientific experiments on HIV viruses, and did PCR tests (yep, those). Think invasive viruses, the pandemic and cybersecurity!
Prachee speaks on topics of cybersecurity and gender diversity at global conferences, summits and podcasts. She makes meaningful connections with her audience and leaves them with a positive, growth mindset and impact they remember.
When she is not working, Prachee loves to travel, sail and cook. She will surely whip up something delicious whenever you visit!
Fun fact: Prachee was once called a “pit-bull” and “passionate” in two instances during the same meeting!
And many others...
From past centuries and current times who are gratefully credited in The Operational Risk Handbook, the CyberEd.io online course and other writing.
Plus hundreds and thousands of others whom we have met in corporate life, advisory assignments and public programs who have commented and refined the application of critical thinking, systems thinking and design thinking to cybersecurity.
Together, this makes the use of industrial-strength thinking so proven and practical.
Is the critical thinking, systems thinking and design thinking for cybersecurity initiative of ValueBridge Advisors, LLC
Insights are based on the expertise of our principals, including the product management chapter of The Operational Risk Handbook, Harriman House, 2011, plus subsequent articles.