Reduce Risk, Increase Speed: How Security Enablement Drives Cybrary Forward
Governance/General Security: The policies, procedures, and principles governing the overall security posture of the company. This includes high-level guidelines that provide an "on-the-ground" decision-making framework as well as more prescriptive rules and practices such as a BYOD policy. As the Head of Security, I own these and am responsible for ensuring everyone is aware of and adhering to them.
Internal IT Systems: The hardware and networking infrastructure of the company. These are the underlying systems that enable people to do their jobs and are distinct from any production, development, or research environments. Examples include networking devices, video-teleconferencing equipment, and desktops/laptops. The IT department (or person) is responsible for securing these systems and working with end-users to ensure they are securely maintained and operated.
Corporate Applications & Information: The desktop applications and SaaS/PaaS services used daily by staff in the course of their jobs. This includes associated data, records, and work products. The IT department is responsible for configuring and controlling access to these systems, but the individuals using them play the most critical role in ensuring their security.
Secure Application Development & Deployment: The production application/platform and associated data developed and operated by the company. At Cybrary, we have a DevSecOps mindset. As such, all of the engineers are responsible for ensuring the overall security of our platform, environments, and deployment pipeline.

Breaking down security is the starting point that enables me to identify and work with the right stakeholders. The next steps are to educate team members, to provide them with the right tools, ongoing training, and guidance, and then to empower them to make decisions. By doing this, I spend more time providing advice and consent than I do chasing people to comply with policies or hunting for security issues that have already been created. Security has become part of the creative, problem-solving process, rather than an obstacle and gating function. We innovate faster because we do not have to revisit bad decisions or unwind poorly implemented, insecure solutions. Mistakes are inevitable, but through Security Enablement, Cybrary reduces risk while accelerating results to our customers.
Watch the interview with Mike Gruen discussing Security Enablement