Will Brooks’ Post

Transcript

We've got spicy Monday, we've got friendship Friday, we've got those kind of trend hashtags that are out there. But one of the issues I have with them, and this is nothing against the trend itself, but one of the issues I have with maybe the LinkedIn as a whole is that often the posts are telling you what to do. It's pointing out something, it's pointing out some observation that we make in the cyber security space and we're saying this needs to be addressed. Let's let let me tell you my how how I would address this, right? It's a lot of that I language and I think that's that's something that. Eye to use the word personally struggle with because it's so much of the me, me, me focus of just saying, look, this is what I would do. These are the things that frustrate me. Here are the people I appreciate. So I want to take Wednesdays to kind of flip the script a little bit and just ask a question. We'll call it wonder Wednesday. Just ask a question. I want to know, I want to hear your responses. What are you thinking? What are you doing? So let's talk security today. You're out there day in and day out holding the keys to let's say. Survival. For all the businesses you managed security for. But when it comes to that cybersecurity, how are you really deciding what to implement? What are you using? Are you going with A1 size fits all security stack? Did you build it yourself or are you using the service? Some vendor promise would solve all your problems. Just use my one tool. MY1 solution does everything for your clients. Are you following a framework using NIST, CIS, maybe something else? Maybe you're focusing on healthcare, so you're looking at HIPAA to kind of align your security. Are you actively assessing risk and identifying vulnerabilities, tailoring your approach, you know, uniquely to client needs? Or is it more again that one-size-fits-all stack? Maybe you're scrolling through Reddit threads late at night hoping some anonymous all wise guru would magically drop that answer in your lap and say here's what I do and it will fix all your problems again. Are you letting the flashy booths at conferences dictate your strategy? Because I get it, There are a lot of places you can be getting that stack knowledge from, right? Cybersecurity is a beast. It's constantly changing, it's constantly evolving, and it can feel overwhelming. But the truth is your clients. Are relying on you to make the right decisions. Their data, their reputation, their entire business could be on the line and it starts and stops with you. That's a lot of pressure. So I'm asking this again because I'm genuinely curious and I hope it helps everyone else who sees this post. Where are you sourcing your stack from? How are you determining what security controls you're going to use and you're going to implement with your clients? Because one thing I know about. This space. Fake it until you make it is not an option. It will not work. So please in the comments let me know where are you getting this from? Where are you getting your information from? How are you going about selecting the security services you're going to use? And hopefully it helps someone else who comes across this post.