What’s the best way to learn how to build/lead a cyber security team in a fintech company?
I have nearly 30 years of systems engineering/security background and transitioning to leader role. What is the best way to establish cyber security team in a company? What would you look at first?#cybersecurity #cybersecurity #security
NIST CSF has the 5 areas - identify, protect, detect, respond, recover. In all honesty what you really need to do is identify where the immaturity and pain points lie by doing a gap analysis against NIST or ISO 27001 or even Cobit and building key relationships with the business and other SM team. Once you know the Gaps you will know the right skill sets and ppl required to fulfil their roles - aligned to the framework. You need to look at the strategic capabilities and governance first along with risk items. Identify what the most critical assets are, understand the business, it’s strategy, operations and key datasets. Build relationships so you win support. If gaps suggest admin controls weak, build out the policy, standard and baselines etc.
I would say make sure you understand the baseline of what is going on in the environment. Set up some logging to start Run a scan in the environment Then see what talent you need to get those fixed. Help build up your team with the knowledge you have , I think that's a huge problem in the security community of not passing on information and helping build a learning environment. Enjoy the word vomit above
Are you at amazon?
GRC will guide you. NIST 5 areas. i forget the exact name of the model just now. for dev implement mitre att&ck to guide you. the best way is to hire someone who has done it and learn from them. what you’re really asking is what’s the 2nd best way to do it