I like to be informed on what's hot in cyber security. Most of the time, it’s in the form of webinars. However, after this week, I realize, after attending five “How To Improve Your Cyber” events, that exactly the same advice was repackaged and presented:
- Patch Your Systems
- Backup Your Systems
- Harden Your Systems
Let’s Take Colonial Pipeline
Anyone doing a webinar on how exactly Colonial Pipeline got hacked? What tools were they using? What security framework? How big was their security team? Outsourced or SOC? SIEM? EDR? Automation?
“Disclosing these technologies would be a security vulnerability in itself. No company is going to disclose security details”
I totally get it. But let me challenge you on this: Are you teaching people how to fish or just telling them to fish?
Most of these cybersecurity webinars are telling people… not teaching.
Be prepared for harsher feedback, because educating cyber leaders and pros with arguments substantiating the same advice is repetitive and is making me want to not click “register”.
\\ JMM