Sherlock in Cyberland: The Case of Organizational Security

When we think of 'cybersecurity,' our minds often conjure images of ethical hacking, penetration testing, Security Operations Centers (SOC), forensics, and all the technical intricacies that protect our digital landscapes. However, there exists another realm within the cybersecurity domain that often goes unnoticed—the realm of organizational cybersecurity. This facet is a linchpin in securing an organization's digital infrastructure, and it revolves around the principles of GRC ("Governance": refers to the establishment and enforcement of policies, processes, and decision-making structures within an organization to ensure its goals are achieved effectively, ethically, and following applicable laws and regulations. "Risk Management": recognizing and understanding the threats and vulnerabilities that could impact the confidentiality, integrity, and availability of information assets, and implementing strategies to manage or minimize those risks. "Compliance": ensures that the organization follows specific security requirements and best practices. This includes data protection laws, industry regulations, and international standards to avoid legal consequences and maintain a secure operating environment).

You can picture this realm as the Sherlock Holmes of the cyber landscape, dealing with compliance with laws, standards, and guidelines like GDPR, ISO 27K, CSP SWIFT, DNSSI, and an alphabet soup of 05-20 & 09-08 laws. It's a domain of audits, where meticulous checks ensure that the cyber ship is sailing in accordance with these vital benchmarks.

But fear not, this talk isn't a dry exploration of legalese and regulations. It's an introduction to the side of cybersecurity that doesn't always make it into the blockbuster cyber movies – the side that involves Security Awareness Training and the delicate art of making cyber principles relatable to everyone in the organization.

This talk is dedicated to the tech-savvy engineers pondering a switch to making organizational decisions, managing risks, and constructing grand action plans to gracefully waltz through incidents, and for the students eyeing a future in cybersecurity who might be interested in a field that demands not just tech prowess but also a flair for strategic thinking.