People often ask me what the most critical item for success is. My answer is “thinking” time.

Everyone is so busy these days that we often take random action without really considering the consequences or the solution. There is probably no better illustration of this than the current state of cybersecurity. Why is it that companies spend millions of dollars on security and have a large team focusing on security, but still suffer a breach? The reason is that people have so much to do and so much to focus on that they do not have time to think.

After a breach, when we hear that a system was visible from the internet, with a known vulnerability, and contained critical information, we often say, “What were they thinking?” The reality is, if we took more time to think about security and question why we are doing what we are doing, our companies and the world would be a safer place.

Or, to put it another way, there’s a reason one of the best-selling business books of all time is titled, “Think and Grow Rich,” not “Do Random Stuff and Be Really Busy and Grow Rich.”

Taking Time to Stop and Think

And guess what? Thanks to IBM, I am incredibly excited to spend the next several days meeting with brilliant minds and “thinking” about the best way to secure an enterprise at Think 2018.

Having worked in cybersecurity for 30 years as a technical director at the CIA, Chief Scientist for Lockheed Martin, CTO of McAfee and Commissioner on Cyber Security for President Obama, I am amazed to see how some things have changed a lot and other things are still the same. For example, there are always new technological developments. But the fundamental problem is the same, which is that cybersecurity comes down to protecting and securing your most critical information. IBM recognizes the importance of data security and has several sessions at Think highlighting ways to protect critical information. Two that caught my attention are:

Another important topic is how to address security with the executives. Cybersecurity is no longer something done by geeks; it is becoming a boardroom discussion. IBM knows this and on Monday has a talk directly addressing this issue:

Closely tied to this is being able to measure and gain visibility into security via security metrics and dashboards. Integrating both metrics and security as a boardroom topic is covered in a Tuesday think tank session:

The security and technology aspects of the Think agenda have me super excited. On a different note, another area that excites me are the Think Wellness sessions. You cannot operate at an optimal state if your body is not in an optimal state.

The final thing I am most looking forward to is the Disruption Dome on the Security and Resiliency Campus. This is the place to experience firsthand those critical turning points for organizations dealing with key issues from the perspective of business leaders like CISOs, CIOs, CEOs, risk and compliance officers, SOC directors and IT directors.

The Disruption Dome is the perfect place to think about your security road map, and to learn how your company can prepare its security and IT operations for “boom moments” from compliance audits to data breaches. Find out what it takes to prepare your security program when you decide it’s time to move to the cloud, or how to build in security from the start of a digital transformation. Learn what it takes to be ready before the boom happens, and how to respond afterward.

I look forward to seeing you this week at IBM Think. Please stop by say hi and let me know if I can help you with any of your questions on security.

If you are not able to attend in person, you can still get in on the action by following the event through your social channels and IBM’s social channels: @IBMSecurity, @IBM, IBM Security Facebook , IBM Security LinkedIn and keep an eye on the conversation with the #Think2018 hashtag.

Watch now! See what’s happening on the Security & Resiliency Campus at IBM Think

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…