
Protecting the Castle

  • achiver21
  • Oct 8, 2021
  • 2 min read

I started my cybersecurity journey about a year ago. Honestly, I didn't even know where to begin. Then I started watching YouTube videos, listening to podcasts, and taking classes on my own to get certified in various areas of cybersecurity. Through those classes and cyber seminars, I met a lot of people like me, either new to the cybersecurity field or in the field for many years and only now working on certifications like CISSP, CISA, and CISM. But as I struck up conversations with them about the current state of the cyber world and started to think more strategically, I kept asking myself the literal million-dollar question: where are we going wrong? Where were, and are, all the experts with so many certifications and guidelines to follow when companies get hacked? Where are we dropping the ball? Do you really think all the companies, organizations, and government institutions that have been hacked had no defense mechanism in place?



Macy's, Microsoft, Nordstrom, ConocoPhillips, T-Mobile, FBI, NSA, CIA, Air Canada, AOL, Ashley Madison, Zoom, Facebook, Nintendo, Sony, Whisper, Discover and Mastercard, Adobe, Bank of America, Cox Communications, MGM, ADP, the embassy cables, California Child Support, Apple, the Bulgarian National Revenue Agency, the UK Driving Standards Agency, the Florida Department of Juvenile Justice.

Defenses built from frameworks such as:

  • NIST SP 800-53 – security and privacy controls, mandatory for federal agencies (FISMA and FedRAMP)

  • ISO 27001 – requirements for an information security management system (ISMS), with the control objectives in Annex A

  • ISO 27002 – guidance on implementing those controls

  • ISO 27701 – privacy information management, an extension of 27001/27002

  • ISO 31000 – risk management guidelines

Or employed people holding one or more of these certifications:

  • CISSP – Certified Information Systems Security Professional

  • CISA – Certified Information Systems Auditor

  • CISM – Certified Information Security Manager

  • Security+ – CompTIA Security+, an entry-level security certification

  • CEH – Certified Ethical Hacker

  • GIAC – Global Information Assurance Certification (the certifying body behind the GIAC family of certifications)

  • SSCP – Systems Security Certified Practitioner

  • CASP+ – CompTIA Advanced Security Practitioner

  • GCIH – GIAC Certified Incident Handler

  • OSCP – Offensive Security Certified Professional

  • FISMA – Federal Information Security Management Act (a U.S. law that agencies must comply with, not a certification)

I think we are making this more complicated than it already is. Writing more guidelines and inventing new certifications while our castles are getting hacked is not a solution. It is high time we re-evaluated our strategies for protecting our castles, the organizations we are paid to protect.
