The Adaptive Cybersecurity Approach

By Téodor Chabin

I have been in the cybersecurity field for more than a decade. I have had the opportunity to see cybersecurity problems from many angles and from different perspectives, in Paris, in Washington, DC, and in Silicon Valley. Wherever it is, what I have seen is a movement of an entire industry in the way cybersecurity is managed – from a “Castle Model” approach, where we invest in cybersecurity to block attacks, to an “Airport Model,” where we also invest in the capabilities to detect and react to attacks.

In that decade I have also seen an evolution of cybercriminals on one side, skyrocketing and spreading attacks to every aspect of our society, including on small businesses and hospitals. On the other side, organizations have also evolved using new technologies like cloud and AI, pushing IT departments to bring innovation and to even have a business approach. The context we were used to working in with cybersecurity has changed a lot, and new technologies in cybersecurity have emerged as a result of that change, such as Cloud Access Security Brokers, or even more recently Zero Trust technical approaches.

One thing that has not really changed is the way we manage cybersecurity; Plan-Do-Check-Act, for example, is still done the same way as in the last century. And as a cybersecurity expert, I have met many organizations feeling the same pain working with cybersecurity teams. They are slow to deploy cybersecurity, and they adapt with real difficulties to new IT environments and new threats. At the same time, we never stop with cybersecurity. Working in a project mode, which by definition always has an end, is not the most appropriate way of managing cybersecurity in the long term.

Because of this new context of cybercriminality and the acceleration in the move of IT transformation, I believe we need cybersecurity teams that are more agile, can adapt their processes to an evolving environment quicker, and can finally apply digital transformation to themselves. I have been pushing this concept to the different companies I work for under the name “the Adaptive Cybersecurity Approach.” The main concept is to build a backlog that can evolve often using different inputs, can use more tech to monitor cybersecurity deployment and evolution, and can include optimized time for reporting.

One of the inputs of the Adaptive Cybersecurity Approach is using problem solving. Focusing on the real problems facing organizations, we can optimize the rare cybersecurity resources to find the right solutions and bring value to these organizations. And when we focus on these problems we find two kinds of problems. The first problems are traditional tech problems. These are solved in the ways that cybersecurity startups work in Silicon Valley: find the problem, analyze the market, and bring a solution that will fix the problem. The second kind of problems are the ones that can’t be fixed with tech alone, or where the market is not big enough to find vendors. And that is where it makes sense for nonprofit organizations or public organizations to work on these issues.

The main issue I had with public organizations or nonprofit organizations is they are often focused on bringing advice. The advice is often accurate and well documented. However, this advice is often given with many technical words and concepts that are specific to cybersecurity or to some part of cybersecurity, which makes it hard to understand for the people and organizations in need of the advice. As a result, they often need experts just to understand it and later to help them deploy the advice, which is not the vision I am bringing in the Adaptive Cybersecurity Approach.

I met the Global Cyber Alliance a few years ago, and I love their vision. As a nonprofit organization, they have decided to focus more on being doers, bringing real solutions to problems that can’t be fixed by traditional vendors. Their baseline is “Do Something. Measure It.” They have been really successful in just a few years, and they were able to bring a kind of collective intelligence through an international cybersecurity community. So that is why today I am honored to be able to become an ambassador to help them spread their vision and their solutions in the French-speaking world.

The author, Téodor Chabin, is the Chief Information Security Officer for a defense company in France, and a GCA Ambassador. You can follow him on Twitter.