Finding The Hidden InfoSec Story

Sprinter, Marathon Runner – or Both?


Paralympic medalist Richard Whitehead. Photograph taken by Julian Mason.

I’m a huge admirer of Richard Whitehead. Amongst his many achievements, Richard sprinted to Gold in the 200m T42 athletics event at the London 2012 Paralympics. He also holds the world records for athletes with a double amputation in both the full and half marathon.

In 2013 he ran 40 marathons in 40 days, an achievement described by the BBC as “Heard the one about the man with no legs who ran from John o’Groats to Land’s End?”

Richard has signalled his intention both to defend his Paralympic 200m Gold and to compete in the marathon at the 2016 Rio Paralympics. ‘Inspirational’ is used to describe many people, but to Richard Whitehead it truly applies.

So what does this mean to a CISO? Well, your team needs to be able to win a sprint, and they need to be able to run a marathon. And they may well need to do both at the same time, many times over and be winners every time.

Let’s consider cyber-attacks, currently so much in the mainstream news, and therefore exercising the minds of CISOs and the minds of their CEOs and boards.

Your organisation experiences a cyber-attack, and the sprint is on. This, like many other types of incident, needs an immediate, rapid and effective response: incident management, then incident investigation, and then the identification, evaluation and implementation of corrective actions. Throughout, the CEO and board will need to be kept well briefed.

Whilst all this is happening, numerous internal and external information feeds, reports and assorted metrics still need to be assessed and analysed. Disparate data needs to be correlated and trends identified, both to spot the potential for future attacks and to ensure that emerging threats and vulnerabilities are assessed and correctly addressed. The marathon is on, and it’s being run at the same time as the sprint.

CISOs need to ensure their team has the right mixture of ‘sprinters’ and ‘marathon runners’ (for smaller organisations, all-rounders are essential). And the CISO must be the one who understands and implements the different strategies needed to win at both disciplines. They must also make sure the training regimes are in place to maintain and enhance the skills that keep the team winning in all of their races.

Get all this right, make sure your team know when they have put in a Gold medal performance, and you will be an inspirational CISO.

Author: Steve Pomfret
