Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded.
Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities.
CISOs at SMEs are increasingly relying on virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations.
Helpful Advice for CISOs with Small Security Teams
Brian Haugli, a well-known vCISO in the US, recently collaborated with cybersecurity company Cynet—which provides autonomous XDR platforms tailored to small security teams—to provide a series of educational videos for CISOs with small security teams with relevant information about their challenges and possible solutions (See here).
With his broad and deep cybersecurity background, Brian is able to provide pragmatic advice to CISOs that are overwhelmed with the myriad activities and programs required to protect their organizations.
In the first installment, Brian provides an excellent series of videos to help CISOs better understand and prepare for adopting the NIST Cybersecurity Framework (CSF).
Brain is a big advocate of using the CSF guidelines to help CISOs better understand, manage, and reduce cyber risk. The video series walks through several components of the CSF framework that ultimately help CISOs decide where to focus their time and budget for cybersecurity protection.
The NIST CSF is an excellent approach for CISOs to step back and logically assess their current situation and then develop a practical plan of action. It helps them focus on high priority items and ensure that the highest priority risks are identified and addressed. The biggest benefit for a CISO may be a higher level of assurance that critical gaps are not being overlooked.