(In alphabetical order)
Despite the influx of cybersecurity tools and frameworks, amidst the ever-increasing number of breaches, it becomes evident that a different approach is needed. True security demands a holistic perspective, acknowledging the intricate interdependencies among various components and the potential ripple effects of our actions. Cybersecurity is a socio-technical problem. So why do so many companies try to solve it with more tools and gadgets? Only through the application of critical thinking, system thinking and design thinking can we forge resilient solutions that transcend superficial fixes. Regrettably, the art of system thinking in cybersecurity has become scarce, with only a few understanding the concepts. We must cultivate our own understanding and application of these essential skills and commit to the essence of this approach to foster true cybersecurity.
Jim has earned the CISA, CRISC, CISSP designations. He is an award-winning CISO & Cybersecurity Advisor.
CISO burnout, reliance on compliance as a “check-the-box” solution and reactive responses to cyber threats are all symptoms of cybersecurity governance weaknesses caused by a lack of contextual understanding of the inner workings of complex digital systems at the heart of modern business enterprises. These weaknesses are exacerbated by communication gaps between the board and risk managers.
Unchanged, cybersecurity will remain a chaotic and ineffective exercise in “whack-a-mole” reinforcing burn-out and stress for cyber pros – and more breaches.
Improving governance and closing this gap requires organizational, educational, and cultural changes which address root causes of cyber risk, adopt industrial strength design thinking to result in a common understanding between the board and risk managers of the inner workings of complex digital business systems.
Mr. Hackman has extensive experience heading the cybersecurity oversight function of an NYSE company. His career has been dedicated to capital formation, M&A, corporate development, and the creation of shareholder value as an advisor and entrepreneur. Mr. Hackman is a former member of several public and private Boards of Directors and has served as lead director and as the head or member of all chartered committees. As a former Naval nuclear engineer, Mr. Hackman understands the importance of understanding, protecting, and building resilience into complex digital business ecosystems.
As a former CIO of one of the world’s largest global financial services institutions, cyber security was one of my most significant challenges. The biggest problems that I dealt with in the cyber security domain were: the notion that cyber security was an IT problem; and the legacy siloed nature of the organization with regard to the ideation, design, implementation and management of effective measures to defend our assets against ever-evolving cyber threats posed by increasingly sophisticated (and well-funded) actors.
It was evident that any effective solution needed to deal head-on with these problems, including senior executive commitments to viewing these challenges as both cultural (internal and external norms, values, principles, guidelines, education and training), as well as the continual reassessment and enhancement of IT program design and development project lifecycles, most importantly including 360 degree views of (internally and externally facing) products and services as well as providing for the inclusion of appropriate cyber security measures from the beginning of each project rather than simply tacking on these features at the end of the design process.
These changes to the traditional life cycle allowed us to balance the needs of a robust cyber security implementation while delivering a satisfying user-experience across the full stakeholder value chain. The disciplines inherent within Critical Thinking and Design Thinking during the ideation stage, and Systems Thinking throughout the implementation, deployment and production stages of all major projects were invaluable tools to enable us to accomplish our objectives. The use of these disciplines enabled us, in many cases, to proactively get out in front of challenges and measurably reduce losses due to cyber threats. The accrued value of these cultural and IT development changes enhanced both company brand and internal morale as additional benefits realized.
Think.Design.Cyber is crucial to help you outthink the adversaries, by applying one innovation at a time and embracing the power of design thinking to revolutionize cybersecurity.
We can transform cyber risk into resilience by adopting critical thinking, systems thinking, and industrial-strength design thinking. With these proven "thinking" methods and practical solutions, we can create a safer world while achieving a better work-life balance.
Say goodbye to self-inflicted breaches and structural flaws. It's time to implement authentic Zero Trust strategies, redefine how we work, and put people at the center of cybersecurity with design thinking.
Mel Reyes is Chief Information Officer & CISO at Getaround
The current situation in cybersecurity hearkens back to the old poem about the six blind men and the elephant. In that old saw - six blind men are asked to describe an elephant based on what they touch. So the elephant's a snake for the one who is touching the tail, the one touching the leg thinks it's a tree, and the one touching the side thinks it's a wall.
The black hat community counts on you not seeing the whole elephant. And that's the reason why we have been so spectacularly unsuccessful in protecting our virtual assets.
How unsuccessful? Well... in 2016, global losses amounted to a half billion dollars. That quadrupled to two trillion dollars four years later and it's projected to double again by 2024.
That isn't a track record to brag about and it's the reason why the first step in seeing and dealing with the elephant requires conscious design thinking... where every aspect of the problem is conceptualized into one effective understanding.
I am currently working with the automotive sector, which is in the process of responding to the regulatory requirements of the UNECE.
That response will require the OEMs and their suppliers to see and understand exactly what their particular elephant looks like, and that can only be done from the top - with Industrial-Strength Design Thinking as in Think.Design.Cyber.
Dan is Professor at University of Detroit Mercy, Distinguished Visitor of the Institute for Electrical and Electronic Engineers and Member of the Editorial Board of Computers and Security.
Dan is also one of the editors of the “Joint Curriculum” for cybersecurity university education https://www.routledge.com/The-Cybersecurity-Body-of-Knowledge-The-ACMIEEEAISIFIP-Recommendations/Shoemaker-Kohnke-Sigler/p/book/9781032400211
Patching code or running a firewall are no more cybersecurity than adding olive oil to a pan is cooking and serving a gourmet meal. They may be required components, but they aren’t enough by themselves.
Thinking in terms of overall design — holistic comprehension — is required to produce something exceptional. Securing a system or cooking a meal are all more than individual steps — they are systems of plans and actions that occur within a context.
You need to understand the overall context and process of what you are doing to prepare and execute an integrated plan to accomplish your goals well.
You need to think in terms of overall design goals and principles if you want to be sure to not omit something important. The end goal is never to simply follow a recipe, but to complete an overall design that meets needs.
Spaf has been working in cybersecurity for over 40 years. He is a professor at Purdue University and the founder of CERIAS. He is credited with many “firsts” in the field and has been repeatedly honored for his many contributions, including being elected to several cybersecurity Halls of Fame.
His 2023 book is entitled “Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.” https://informit.com/cybermyths
Founder of the Stanley Consulting Group
Think.Design.Cyber’s approach to applying Industrial Strength Design Thinking to the Cybersecurity industry is a game changer.
If applied correctly, this is a game changer for those who work in the industry reducing stress and burnout and empowering cyber pros to better protect people from danger. The solution to cybersecurity lies not only in developing new technologies and regulations but empowering and evolving the cyber pros with differentiated thinking, creative problem solving and people skills. The next level evolution of cybersecurity in the US lies in the latent power of its workforce.
Much has been reported on and written about the threat landscape and how it changes not every day, but every second of the day. At the macro-level, i.e., organizational level, the demand on an organization is taxing both in time and resources. If we look at the situation from a micro-level, i.e., the point of view of the individual, this makes a cyber professional’s job very stressful.
Industrial-Strength Design Thinking was pioneered by people like William Davis who created the refrigerated railcar in 1867 inspired by fellow Detroiter J.B. Sutherland for fruit and expanded by George Hammond to meat in 1868. Then scaled by Albert Kahn and Henry Ford at Ford’s pioneering Highland Park Plant in 1910 that became the foundation for all complex systems design.
Designing cyber using this approach will take into account what we as humans need to perform our day-to-day jobs in the cyber security space.
As one of the founding members of Think.Design.Cyber, co-founder Prachee Kale describes it, “Most cybersecurity professionals identify as introverts, who now must step up and become leaders of business right next to their CEOs, COOs and CIOs. Introverted personality traits were compounded by remote work due to the impact of the pandemic.”
That alone further strengthens why Think.Design.Cyber’s approach is a game changer as this is an opportunity to make cyber careers more rewarding.