Network Security

Driving the mission forward

Focus is often not easily attainable in our profession. The needs of the organizations we protect are complex and the response required due to the criticality of the services we provide tends to put our multi-faceted operations in a state of flux. Add on increases in the threat environment, technology shifts and an explosion in size of threat surfaces, and your full-time job becomes chief prioritization officer.

There are many things we can do to drive our missions forward while we manage the process of our business protection evolution. The key to success is forward momentum. Any act that drives change, large or small, will help, starting with these three complacency fighting tactics.

Create controls assurance – Create a process to measure the suitability of your controls. Our programs are based on controls – but once implemented how often do we measure if they're effecting the change we planned?

Review the control, decide if it works as intended and make proactive decisions on whether to keep, remove and redistribute the operating cost to higher priority or change it.

Create urgency – Creating urgency is often mixed with the connotation of “selling security through fear.” These ideas could not be further apart. Urgency means that you've educated someone to facts that in turn drive action.

Have a vendor do a proof-of-concept with a new technology that provides insight into a specific gap in your security program. Lead a fact-gathering business analysis using graphical data flows, application access and data sprawl with your business customer to provide them with a visualization of the impact to their business. Finally, spend time with your team taking them through the downstream residual impact of the operations you provide and instill a sense of mission urgency.

Create momentum – Create momentum through action itself. To achieve this, create a list focusing on reducing risk and closing gaps in your environment. Site specific issues, how they impact the business, how a change would reduce the risk and offer solutions.

Next, create a critical asset protection program and put it to use to protect the crown jewels. Include steps to document assets, test, remediate and monitor using your existing resources when possible.

Being a good security practitioner means being a good business partner. The actions above demonstrate leadership, financial accountability, resource management and relationship management. But most importantly, they deliver actionable changes that increase the efficacy of our programs and get our business that much further up the maturity curve of protection.

Roland Cloutier

As Global Chief Security Officer of ByteDance & TikTok, Roland Cloutier brings an unprecedented understanding and knowledge of global protection and security leadership to one of the world’s largest leading media, social, and online technology companies. With over 25 years of experience in the military, law enforcement, and commercial sector, Roland is one of today’s leading experts in corporate and enterprise security, cyber-defense program development, and business operations protection.

Roland continues to lead by example in the development of the security industry through practitioner excellence. He was most recently honored as the RSA Conference 2016’s Excellence in the Field of Information Security Award Winner. He was also named the #1 Security Executive of the Year by ExecRank, Tech Exec Networks’ Information Security Executive of the Year, and one of the Most Influential People in Security by Security Magazine.

Paving the way for the world’s next generation of security leaders, Roland is also the distinguished author of his book, ‘Becoming a Global Chief Security Executive Officer’ where he shares his expertise on how to advance the practice of security executive management, security program architecture and how to effectively plan for the future demands of leadership in global security.

Roland is a member of the Executive Security Action Forum, The Security World 50, and serves on the Board of Directors Cyber Subcommittee for Blue Cross Blue Shield Association, the Board of The International Consortium of Minority Cybersecurity Professionals (ICMCP), and the Board of The National Cyber Forensics Training Alliance (NCFTA). As a U.S. Air Force veteran, he takes the time to give back and volunteer for veteran organizations such as the American Legion, and 100 Nights of Remembrance.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.