Joining a startup as a senior sec engineer and need to create a strategic plan. I’ve done them before utilizing Mitre but this needs to be more CISO focused, so visually appealing. Any tips on bigger picture initiatives and design?
First, understand the business priorities. Do a security program audit, review IT processes, review the threat picture. If the company does not have a security architecture, make one of the current state and, based on a framework and the business priorities, make a desired future state.
Solid answer
Start with a framework. Like NIST, ISO 27001, or CIS, or whatever compliance frameworks are relevant in your industry (FedRAMP, HIPAA, PCI, SOC 2). As disconnected as they are from day-to-day security practices, they still can provide a basic check-list of what your org should be doing and where to prioritize efforts in the development of a security roadmap. Though the security industry hasn't come to a consensus on how to measure security efficacy, measuring against a framework is generally agreed upon and easier to digest for senior management.