I have nearly 30 years of systems engineering/security background and transitioning to leader role. What is the best way to establish cyber security team in a company? What would you look at first?#cybersecurity #cybersecurity #security
NIST CSF has the 5 areas - identify, protect, detect, respond, recover. In all honesty what you really need to do is identify where the immaturity and pain points lie by doing a gap analysis against NIST or ISO 27001 or even Cobit and building key relationships with the business and other SM team. Once you know the Gaps you will know the right skill sets and ppl required to fulfil their roles - aligned to the framework. You need to look at the strategic capabilities and governance first along with risk items. Identify what the most critical assets are, understand the business, it’s strategy, operations and key datasets. Build relationships so you win support. If gaps suggest admin controls weak, build out the policy, standard and baselines etc.
I would say make sure you understand the baseline of what is going on in the environment. Set up some logging to start Run a scan in the environment Then see what talent you need to get those fixed. Help build up your team with the knowledge you have , I think that's a huge problem in the security community of not passing on information and helping build a learning environment. Enjoy the word vomit above
Are you at amazon?
World Conflicts
9h
395
Israeli precision-guided munition likely killed group of children playing foosball in Gaza, weapons experts say
Tech Industry
Yesterday
3929
What happens when most of your team is Indian?
Tech Industry
6h
324
Is there a WORSE social media than LinkedIn???😭
AMA
Yesterday
1172
PM Manager, early 40s, married and ENM (Ethical Non Monogamous) AMA
World Conflicts
8h
357
Is "From the River to the Sea" So Wrong?
GRC will guide you. NIST 5 areas. i forget the exact name of the model just now. for dev implement mitre att&ck to guide you. the best way is to hire someone who has done it and learn from them. what you’re really asking is what’s the 2nd best way to do it