Episode 47

Proactive Resilient Approach to Cybersecurity

It is well known that a proactive intelligence-driven approach to cyber governance is the way to go. But it is easier said than done. Embracing and sustaining such an approach requires high commitment, preparedness, and discipline. Kriti Arora, Security Global Black Belt, Threat Intelligence and Enterprise Attack Surface Management, Microsoft, shares her experiences guiding clients to adopt an intelligence-driven proactive approach to thwarting attacks. She also shares her passion for the field and the satisfaction of training and serving as a cyberwarrior.

Time Stamps

00:48 -- Before we get into the details of a proactive resilient approach to cybersecurity, how about sharing your professional journey? What got you into this field?

03:58 -- You described yourself as a first-generation cyberwarrior during our planning meeting. I found that quite intriguing. Please expand.

06:54 -- Can you shed some light on the different types of opportunities that a cybersecurity career can present to the first generation (of cyber warriors) or people trying to pivot from their existing careers into cybersecurity?

11:14 -- Kriti, share with us briefly about your role at Microsoft? At a generic level, could you share what you do at Microsoft with the listeners?

15:16 -- What is a proactive, resilient approach?

18:08 -- Why do organizations vary in their level of proactiveness? What are some reasons?

21:10 -- What are the five or six things one should do to get started on the path of proactiveness?

27:43 -- Maintaining a log of security intelligence received and actions taken might be very useful, especially when an organization is trying to defend itself in a court of law. What are your thoughts?

34:24 -- Every organizational member has a role to play in securing the organization. Do you agree?

36:28 -- Asset prioritization and data retention strategies are key aspects of proactive cybersecurity governance. What are your thoughts?

40:59 -- What measures or metrics are useful in assessing proactive resilience?

45:02 -- Please share some final thoughts and key messages for our listeners.


Memorable Kriti Arora Quotes/Statements

"So, at one moment, you're fighting crimes, doing these investigations like a detective, and researching a problem to find a solution. At another time, you could be troubleshooting a typical problem and providing customer support services."

"The adaptive quality of the field is what makes it thrilling. That's what excites us, the cyber warriors, who are trying to experiment, learn new things, and save the world with different techniques and tactics."

"I consider a proactive approach to be intelligence-driven and holistic. It represents a mind shift on how cyber threats are thwarted."

"In this proactive approach, we focus on indicators of attackers; we try to keep a watch on the entire network and its processes. It's a holistic approach. I would not call it a technique; I would call it a mind shift because you need that mind shift to understand proactiveness. It's like being alert, thinking about the worst-case scenario, trying to prevent it or be prepared to recover from it quickly."

"It's very important to focus on the attack surfaces, whether internal or external. A full or 360 view of your attack surface is very important."

"Successful implementation and sustenance of a proactive resilient approach depend on a high level of cybersecurity awareness and knowledge."

"Organizations must strive to be both secure and productive."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications:

https://www.imd.org/ibyimd/magazine/preventing-security-breaches-must-start-at-the-top/

https://www.imd.org/ibyimd/strategy/mission-critical-how-the-american-cancer-society-successfully-and-securely-migrated-to-the-cloud-amid-the-pandemic/

Latest Webinars:

https://us02web.zoom.us/rec/share/5H3vdv8eJgZRFMEa_w-JApCjpBczEcwpsqY6HRRZl6gOfanvhDLN1oiVnFA_qSE.kFJ0JGmlJt2d30Ip 

About the Podcast

The Cybersecurity Readiness Podcast Series
with Dr. Dave Chatterjee

About your host

Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is a tenured professor in the Management Information Systems (MIS) department at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee's interest and expertise lie in the various facets of information technology management, from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee's research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.