How are Cybersecurity professionals forming their strategy?
It makes a lot of sense to follow lessons learnt, and to have objectives that can be met.
The same issues are clear in other defence avenues.
We're constantly suffering from being behind and not being able to proactively stop new attacks.
Our strategy needs to put us in the driving seat and do better than just reacting.
An article i read on military defence listed four aspects of that strategy and in Cybersecurity terms they could look like this:
Firstly, we need complete freedom of action, and support from the board and senior management
Second, we should be capable of being on top of most known threats due to protective measures
Third we should have a good picture of what is happening around us
With the first three we should be superior to other systems when applying countermeasures.
It would be good to exchange views on strategy choices and see how objectives are going to be met.