Matt Coose is the founder and CEO of Qmulos, a cybersecurity compliance company, and previously served as Director of Federal Network Security for the Department of Homeland Security (DHS) National Cyber Security Division.
CISOs carry the ultimate burden of compliance and reporting and are often where the buck stops. Coose says “best of breed” is better described as “best on a budget.” This is a bottom-up, technology-first, reactive approach to acquiring technology rather than risk management. Coose provides the following key considerations for how CISOs can navigate the crowded market for cybersecurity tools, as regulations continue to proliferate even as costs come under intense scrutiny.
A platform is what every vendor dreams of being called, but no one platform does it all, Coose says.
Coose shares what smart CISOs and mature organizations understand that others don’t.
• Money cannot buy your way out of security problems or into a better risk posture. They understand the need to evolve to an evidence-based security management strategy that is top-down, risk-driven, inherently business-aligned, and dynamically adaptable.
• Considering technology choices through the lens of risk management (and the associated data provided by the technology that implements those controls) keeps those choices reliable and transparent, independent of vendor preferences or the latest market trends, and enables strategic technology portfolio management decisions.
• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.
• The original purpose of security and regulatory compliance as a model for proactive and consistent risk management (leading indicators) rather than just historical reporting and auditing capabilities (lagging indicators).
• Managing risk, compliance, and security as separate functions is not only wasteful and inefficient, it also denies companies the ability to cross-leverage critical people, process, and technology investments.