The Rise of Cybersecurity Project Managers

| | | 0 comments

According to Ponemon Institute the average cost of a data breach in 2017 for an organization was $141 per stolen record, and $3.62M per occurrence. The financial costs are just a portion of the actual damages, with consumer trust and reputation management being harder to quantify and many times repair.

Foghorn Consulting - Rise of the Cybersecurity Project Manager

Virtual armies are deployed working 24/7/365 to find even the smallest vulnerability. Aspiring cyber criminals  are constantly poking at the firewall, systems, process and procedures to find the weakest link to exploit. While hackers have to be correct just once, the modern CISO and team has to be right 100% of the time to keep nefarious activity at bay. A comprehensive cybersecurity program and Cybersecurity Project Manager (CS-PM) has never been more essential for all organizations with assets in their own data center or in the cloud.

Here at Foghorn we plan for success, but also prepare for failure. Through our decades of experience we realize that no one will be perfect 100% of the time. This reality informs our advocacy for a layered security approach to slow attacks. We employ real-time security monitoring to quickly identify breaches and deploy our incident response capabilities to stop them quickly and efficiently. By implementing our recommended tools the correct forensics will be gathered. Our clients will be able to identify what was compromised and from what channel.

Our seasoned team of Cybersecurity Project Managers (CS-PMs) play a vital role in providing guidance for stakeholders who are responsible for managing teams, designing and implementing organizational processes and procedures to ensure that workloads deployed or developed in the cloud, align to the organization’s security, resilience, and compliance requirements.

Three reasons why a CS-PM may be a good fit for your organization

Compliance

Whether your industry is in Life Sciences, Health Care, Financial Services, SaaS or High-tech a comprehensive architecture that satisfies your industries compliance is compulsory. CS-PMs add tremendous value to an organization. Our CS-PMs assist with establishing a security management environment that provides complete visibility and transparency into the information security infrastructure. This enables organizations to identify and fix security gaps quickly and efficiently.

Foghorn Cybersecurity Project Managers add tremendous value to organizations by aligning teams to optimize Governance, Risk Management, and Compliance (GRC). This streamlined approach provides an ideal framework to identify areas of non-compliance, plan ongoing security initiatives and implement critical security controls. Our responsibility is to prioritize, request funding and initiate any corrective actions deemed necessary for compliance conformity.

Security Vulnerabilities

Foghorn’s CS-PMs monitor each process and sub-processes on continuous basis. We are focused on improving security and reducing the risk profile of network assets. Vulnerability management is a continuous information security risk process that requires diligent management oversight.

Your CS-PM can be the lead in managing high-level processes, including discovery, asset prioritization, vulnerability scanning, assessment, reporting, remediation, patch management and verification.

Security Threats

A threat is a possible danger that can result in a security breach that causes destruction, disclosure, adverse modification of data and/or Distributed Denial of Service (DDoS). Our CS-PM’s goal is helping to define the threat detection process in order to lower the difference in mean time between when an attack occurs and when responsible agency staff becomes aware of an issue.

Our CS-PM can successfully manage threat detection by implementing Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and protection practices such as programs, policies, procedures and technologies that enable organizations to identify and respond to threats.

Checklist for Initial Cybersecurity Project Manager Conversation

  • Identity & Access Management (IAM)
  • Privileged Account Management (PAM)
  • Infrastructure Security (Firewalls, IDS, IPS, Network Monitoring, …)
  • Detective Control (Endpoint Detection & Response (EDR), Physical Security, …)
  • Data Protection (DLP, DR, …)
  • Incident Response (SecOps, Security Information and Event Management (SIEM), …)

In today’s hack happy world an organization must have a comprehensive view of security from a business point of view, so areas of greatest risk are identified and mitigated. Information security systems, reports, and data must be visible and transparent so that vulnerable areas that need immediate attention can be easily identified.

A steady and seasoned Cybersecurity Project Manager can assist in building a system where roles, responsibilities and processes are clearly defined.  This comprehensive platform is designed to respond rapidly if a security breach occurs to minimize damage to the bottom line and reputation of the organization.

Related Blogs

Keyless Applications – Keep Your Secrets Hidden

Keyless Applications – Keep Your Secrets Hidden

In my previous Blog Send Attackers Phishing Somewhere Else, you may have noticed the following HTTP request made to the Hashicorp Vault service in order to retrieve a temporary set of database credentials:In that request, you will notice the HTTP header X-Vault-Token...

Send Attackers Phishing Somewhere Else

Send Attackers Phishing Somewhere Else

Send Attackers Phishing Somewhere ElseA few years ago, I heard a keynote by Eleanor Saitta where she asked the question “How fast can you burn out a compromised user?”, and which she posited that anything longer than one minute was just too long.  After I picked my...

Maintaining A Stable Supply Chain During Unstable Times

Maintaining A Stable Supply Chain During Unstable Times

With global threats escalating on a daily basis, software developers must remain as vigilant as ever to keep their code secure from threats. The events of this week leading up to CVE-2022-23812 have highlighted this simple fact with a supply chain attack that has the...