Cyber-Cy
Menu
If you're one step ahead, you're a Leader,
If you're two steps ahead, you're a Visionary,
If you're three steps ahead, you're a Heretic.
* But when the Heretic is right we call them Revolutionary.
The Doctor is in...
Welcome to my Cyber-Cy webpage.
I use this website to post articles of interest, white papers I have submitted for peer review, and funny images of how my name get spelled and misspelled. My professional background can be found here on LinkedIn.
I joke that there are three things in the world I can talk all day about: Insider Threat & Counterintelligence, Star Wars, and G.I. Joe.
I'm passionate about helping others and leading with care and am active in the community - please support your local charities and remember that they probably need your time and energy more than your monetary donations.
I use this website to post articles of interest, white papers I have submitted for peer review, and funny images of how my name get spelled and misspelled. My professional background can be found here on LinkedIn.
I joke that there are three things in the world I can talk all day about: Insider Threat & Counterintelligence, Star Wars, and G.I. Joe.
I'm passionate about helping others and leading with care and am active in the community - please support your local charities and remember that they probably need your time and energy more than your monetary donations.
Title: Information Security Starts with the Employees
Abstract: Organizations continue to spend exorbitant budgets to combat the issue of insider threat with one source estimating it at $270B/year by 2026 (Forbes, 2020). By comparison, the cost to put a man on the moon, a literal moonshot, which is the greatest accomplishment in the history of mankind, was $283B (when adjusted for inflation) and that was spread across thirteen years from 1960-1973. The cybersecurity industry’s approach to insiders has reached a tipping point where the methodology and framework have become unscalable, inefficient, and ineffective and the only strategy appears to be doubling down on buying more technical solutions. Organizations appear to be failing across three main areas: 1.) developing a long-term strategic risk-centric approach that fits with the globally changing political, sociological, and behavioral environments, 2.) an over-reliance on technical tools and related training materials to more accurately and expeditiously identify an evolving threat, and 3.) an overemphasis on employing technical rather than insider threat subject matter experts (SME). The results of this research are to provide organizations with critical datapoints and examples that can be used to propose solutions so they can better address the actual root-cause of insider threats and not the symptoms and evolve their Insider Threat Programs (InTP).
Download Here: https://www.sans.org/white-papers/40375/
Featured Here: SANS Technology Institute Research Review Journal (Vol. 2 Issue 1)
Abstract: Organizations continue to spend exorbitant budgets to combat the issue of insider threat with one source estimating it at $270B/year by 2026 (Forbes, 2020). By comparison, the cost to put a man on the moon, a literal moonshot, which is the greatest accomplishment in the history of mankind, was $283B (when adjusted for inflation) and that was spread across thirteen years from 1960-1973. The cybersecurity industry’s approach to insiders has reached a tipping point where the methodology and framework have become unscalable, inefficient, and ineffective and the only strategy appears to be doubling down on buying more technical solutions. Organizations appear to be failing across three main areas: 1.) developing a long-term strategic risk-centric approach that fits with the globally changing political, sociological, and behavioral environments, 2.) an over-reliance on technical tools and related training materials to more accurately and expeditiously identify an evolving threat, and 3.) an overemphasis on employing technical rather than insider threat subject matter experts (SME). The results of this research are to provide organizations with critical datapoints and examples that can be used to propose solutions so they can better address the actual root-cause of insider threats and not the symptoms and evolve their Insider Threat Programs (InTP).
Download Here: https://www.sans.org/white-papers/40375/
Featured Here: SANS Technology Institute Research Review Journal (Vol. 2 Issue 1)
Proudly powered by Weebly