People often ask me what the most critical item for success is. My answer is “thinking” time.

Everyone is so busy these days that we often take random action without really considering the consequences or the solution. There is probably no better illustration of this than the current state of cybersecurity. Why is it that companies spend millions of dollars on security and have a large team focusing on security, but still suffer a breach? The reason is that people have so much to do and so much to focus on that they do not have time to think.

After a breach, when we hear that a system was visible from the internet, with a known vulnerability, and contained critical information, we often say, “What were they thinking?” The reality is, if we took more time to think about security and question why we are doing what we are doing, our companies and the world would be a safer place.

Or, to put it another way, there’s a reason one of the best-selling business books of all time is titled, “Think and Grow Rich,” not “Do Random Stuff and Be Really Busy and Grow Rich.”

Taking Time to Stop and Think

And guess what? Thanks to IBM, I am incredibly excited to spend the next several days meeting with brilliant minds and “thinking” about the best way to secure an enterprise at Think 2018.

Having worked in cybersecurity for 30 years as a technical director at the CIA, Chief Scientist for Lockheed Martin, CTO of McAfee and Commissioner on Cyber Security for President Obama, I am amazed to see how some things have changed a lot and other things are still the same. For example, there are always new technological developments. But the fundamental problem is the same, which is that cybersecurity comes down to protecting and securing your most critical information. IBM recognizes the importance of data security and has several sessions at Think highlighting ways to protect critical information. Two that caught my attention are:

Another important topic is how to address security with the executives. Cybersecurity is no longer something done by geeks; it is becoming a boardroom discussion. IBM knows this and on Monday has a talk directly addressing this issue:

Closely tied to this is being able to measure and gain visibility into security via security metrics and dashboards. Integrating both metrics and security as a boardroom topic is covered in a Tuesday think tank session:

The security and technology aspects of the Think agenda have me super excited. On a different note, another area that excites me are the Think Wellness sessions. You cannot operate at an optimal state if your body is not in an optimal state.

The final thing I am most looking forward to is the Disruption Dome on the Security and Resiliency Campus. This is the place to experience firsthand those critical turning points for organizations dealing with key issues from the perspective of business leaders like CISOs, CIOs, CEOs, risk and compliance officers, SOC directors and IT directors.

The Disruption Dome is the perfect place to think about your security road map, and to learn how your company can prepare its security and IT operations for “boom moments” from compliance audits to data breaches. Find out what it takes to prepare your security program when you decide it’s time to move to the cloud, or how to build in security from the start of a digital transformation. Learn what it takes to be ready before the boom happens, and how to respond afterward.

I look forward to seeing you this week at IBM Think. Please stop by say hi and let me know if I can help you with any of your questions on security.

If you are not able to attend in person, you can still get in on the action by following the event through your social channels and IBM’s social channels: @IBMSecurity, @IBM, IBM Security Facebook , IBM Security LinkedIn and keep an eye on the conversation with the #Think2018 hashtag.

Watch now! See what’s happening on the Security & Resiliency Campus at IBM Think

more from CISO

Attracting Cybersecurity Talent Takes an Open Mind, Creativity and Honesty

Retaining cybersecurity talent can be difficult. Along with our previous tips, how can you attract great workers?   Difficulties and Positive Changes   The recent ISACA State of Cybersecurity 2022 survey provides some key markers: Unfilled positions are on the rise (not good) Existing teams are understaffed (not good) Budgets are (finally) increasing (good) University degree mandates for entry-level jobs are dropping…