Cyber Manifesto

1) There are 4 factors to focus on: People, Processes, Technology, & the Environment. Let's not forget each of these is important

2) Software ages like milk, not wine. Therefore, patching is a core competency

3) Good configuration is just as important as patching. If you cannot measure it, you cannot improve it. Don't let Shodan be your asset inventory

4) Strong access control and authentication limit the scope of an organization's attack surface and help with attack attribution

5) Keep it simple. Users will not follow complex directions

6) Focus on the objective. Don’t let perfect security stop short-term progress

7) Mission Impact (often shown in $), Costs, and Risks are the three common languages to speak to executives

8) Cyber needs to enjoy learning new technologies and learning how developers work. These two things improve empathy, build relationships of trust, and provide cyber specialists the technical chops to provide better guidance

9) The future of security is automation. Automation is one of the few things that can truly scale

10) Business continuity and backups are keys to being resilient