“Cyber security is the way an individual, business or organisation deploys and manages technology enabled capability to identify, protect, defend, respond, and recover digital assets and services from cyber threats. It encompasses the service lifecycle and enables organisation to both defend and disrupt, dissuade, deny, and disable cyber threats through legal means.
In a business environment in terms of being a professional is where you practise the art of cyber (defence/offense) in a professional capacity (e.g., as an occupation).
Regarding the demarcation between security domains and technology management ones, the lines become more blurred. Different scenario will require different capabilities aligned with business outcomes and within constraints (aligned to risk appetite and tolerance). Quite simply there is not a right or wrong model, there are simply ways of developing and operating capability to suit the position. You cyber capability could be led by a dedicated security team, by IT or through an outsourced position (or a hybrid). The idea that one single model is cyber, and one isn’t from my perspective frankly out of alignment with reality. Most organisations in the world don’t have dedicated technology management capability, let alone dedicated security specialist capability. Large parts of the cyber security industry rely on that model to be viable businesses. Conversely many organisations with dedicated cyber teams still get pwn3d. Through both my professional work and community/industry activity, I have been exposed at scenarios looking at organisational and country level scenarios. What I can say is that we need to rapidly enable development of cyber capability both at the entry level and in the developed space, if we want to succeed in ensuring a strong, resilient cyber security capability as a race.”
Why did I write this? I think we’ve got a serious challenge in the present and future with how we defend our way of life in the digital space. I think we have a challenge where we do not have enough defenders. I say this quite a bit in my travels but we must defend harder if we want to knock back the wave of cyber incidents and ransomware we are facing.