MSS

A Practical Approach to Modern Security Strategy: Insights from Sekuro Customer CISO Lee Roebig

Table of Contents

AUSCERT’s Cyber Security Conference is Australia’s longest running conference of its kind, aimed to connect like-minded information security professionals to foster collaboration, knowledge sharing and to strengthen the cyber security industry.

At AUSCERT 2024 on the Gold Coast earlier this year, Sekuro Director of Strategy & Architecture and Customer CISO Lee Roebig was invited to speak about cyber security strategy. Lee outlined the importance of adapting to evolving organisational structures and technologies, while maintaining a pragmatic balance to stay ahead of cyber threats.

We have distilled his talk into the following easy-to-digest points.

ORGANISATIONS: CASTLE TO SKYSCRAPER​

  • Organisations are in dire need of modernising their cyber security strategies
  • Traditionally, organisations used to be like castles, where everything valuable was centrally located and heavily fortified
  • However, organisations are becoming more like skyscrapers: decentralised, publicly available, and visible from far – making them more exposed and susceptible to cyber threats
  • Our modern corporate landscape, with exponentially more access points into our environments, makes it difficult to discern what is a threat, and what is innocent, as they often look the same
Castle | Sekuro AusCert MSS

Castle

Centralised

Physical Access required

Accessible

Over a VPN

Visible

Over a VPN

Skyscraper | Sekuro AusCert MSS

Skyscraper

Decentralised

Remote workers

Software-as-a-Service (SaaS)

Accessible

Over the pubic internet

Visible

Over the pubic internet

The Cyber Security Team’s Biggest Weapon is Not a Tool or Technology

      • While great technologies such as MDR exist (and Lee is a big fan of them), what’s even more important is a security team’s ability to influence. After all, we can’t make our organisations safer if nobody listens to what we have to say.
      • The correct approach to building organisational influence is to modernise security. This means designing a security program that both complements and accelerates the business goals securely, thereby successfully aiding in digital transformation, through security transformation.
      • A successful modern cyber security strategy avoids 4 pitfalls:
Unclear Objectives | AusCert MSS

Unclear Objectives

Strategies that fail
to articulate what
“good” looks like

Unrealistic Goals | AusCert MSS

Unrealistic Goals

Setting goals that are either too ambitious or too simplistic for the organisation’s size and capabilities

Unbeneficial Actions | AusCert MSS

Unbeneficial Actions

Falling into the trap of box-ticking without considering the real benefits
Unactionable Plans | AusCert MSS

Unactionable Plans

Strategies that are not practically implementable, leading to them gathering dust in a drawer

To avoid these pitfalls, focus on the following principles:

Clear | AusCert MSS

CLarity

Clearly define objectives and outcomes

Realistic | AusCert MSS

REalistic

Set achievable goals that stretch capabilities without being out of reach

Beneficial | AusCert MSS

Beneficial

Ensure every action taken has tangible benefits for the organisation

Actionable | AusCert MSS

actionable

Create strategies that can be easily implemented and followed

A Good Strategy is a Balanced Strategy

It is also important to not be led by an extreme strategy. 

  • strategy fixated on compliance does not necessarily translate into better cyber defence capabilities. Be careful of over-selling compliance to your executives. This misperception may lead to confusion/apprehension in the boardroom when operational problems/threats eventually surface and you’re asking for more money/resources to treat them. Passing an audit and obtaining a certification are only stepping stones on your cyber resilience journey, and it’s our job as cyber leaders to ensure our board/C-suite understand that clearly.
  • strategy fixated on technology is akin to the “shiny toy syndrome”, where you get all the newest solutions, but end up having more solutions than you have engineers to manage them. You will also tend to end up with redundancies with solutions having overlapping features, instead of having consolidated tech and an integrated, optimised stack. 

A good strategy lies in the middle of these two extremes.

Two Extremes | Sekuro AusCert MSS

Sekuro’s 10 Pillars of Cyber Security Strategy

Sekuro has developed a cohesive cyber strategy framework, spanning ten core people, process and technology architecture pillars, to guide organisations on their cyber resilience journey grounded in pragmatism. This proven methodology drives modern cyber strategies inside many Sekuro customers around the world, across every industry.

10 Zero Trust Pillars | Sekuro AusCert MSS

Watch Lee’s full AUSCERT presentation in the video below

Contact us to discover how Sekuro can help you create and/or implement your organisation’s cyber security strategy.

Lee Roebig 1

Lee Roebig

Customer CISO, Director of Strategy & Architecture

Lee is Sekuro’s Customer CISO and Director of Strategy and Architecture. He is an experienced Cybersecurity professional with 17+ years in the technology industry, having previously worked in cybersecurity leadership and architecture roles inside multiple global organisations prior to joining Sekuro. Lee helps clients with Cybersecurity strategy, Zero Trust, Virtual CISO, mentorship, executive advisory and security architecture. He has worked with numerous clients on cybersecurity strategies across industries such as health, insurance, construction, manufacturing, leisure including multiple ASX listed companies.

Sekuro's Latest Insights

Compliance & Standards

Contact Us

Discover the Smarter Way to Transform Your Organisational Security – Connect with Our Experts Today.

Complete the form and we will get in touch within 24 hours.