In our next volume on Cyber Architects, Deepwatch guides CISOs beyond the conceptual framework of cyber architecture, providing concrete steps on how to become the Cyber Architect of their organization.
In the first section of Volume 2, we talk about shifting focus in cyber. The first step Cyber Architects must take is to make a conscious decision to look at and communicate security in a way that clearly moves the framing from reactive vs. proactive to reactive vs. proactive vs. preemptive.
For a CISO and Cyber Architect, security is a game of controlling the controllable. Attempting to control the outside world of threats, dangers, and random attacks, and to fully protect an organization, will require either walling the business off into insolvency or committing fully to insomnia, burnout, or mass confusion. Neither is a great goal.
But there is a middle ground. Reactive and proactive steps are certainly where to start, but preemptive cyber should be added to the equation so you can plan for events that have not yet happened, and frankly may never occur to you or your organization.
Why think about or prepare for things that may never happen? Simply put, to practice the full set of responses and processes that an organization may need to use in response to an effective attack or technical issue.
Look at it this way. Was a global blue screen of death episode on anyone’s 2024 bingo card? Highly doubtful. But was a widespread ransomware or malware attack that could impact system availability for a company in the cards? Yes, yes it was. The outcome is the same, and preemptive thought and practice against an outcome is where a Cyber Architect needs to start. Starting from the outcome allows for the creation and implementation of written protocols that identify, interrupt, and correct issues before they even arise. They spell out the path forward so that when things do ultimately go awry, companies can take their practiced action immediately.
That means fewer CISOs pulled from bed in the middle of the night to deal with security crises. It also means reaping the benefit of taking swift action, which ultimately can ease the damage that security mishaps do to both the bottom line and long-term brand reputation. More than half of all people in the U.S., 55 percent, say they’d be less likely to do business with a brand that suffers a cyber attack, CNBC reported.
The preemptive approach is the culmination of thinking as a Cyber Architect, but the entire organization must be involved in setting such protocols and brainstorming effective responses. A Cyber Architect will have already broken down and communicated with different business silos and formed relationships with key business leaders. This group of business leaders can then help validate and manage the preemptively discussed protocols and processes through open and honest discussions about how various scenarios would impact the future of the business. Those discussions help provide the cyber resilience needed to continue operations against a storm of attacks, or to quickly recover and re-provision after a systemic shutdown.
This shift toward preemptive planning is covered in Volume 2 of A Cyber Architect’s Playbook, along with additional thoughts and points on how to determine impactful areas of the business, form wider relationships to communicate across the business, and be continually impactful and effective in the business and cyber programs. Volume 2 was released today and can be found here.