From hostage negotiator to business leader: Security Maturity by Sandy Dunn.

December 26, 2023

The article focuses on the journey of Sandy Dunn, CISO of Blue Cross of Idaho, as she evolves from a “hostage negotiator” between business teams and the security team to a business leader in the field of cybersecurity. Dunn emphasizes the importance of simplifying knowledge management and becoming a “business listener” in order to make informed decisions.

Key Points:

  • Sandy Dunn’s career has evolved from being a “hostage negotiator” to a business leader in cybersecurity.
  • Dunn highlights the significance of simplifying knowledge management and being a “business listener” to make informed decisions.

Sandy Dunn’s career in cybersecurity spans 20 years, during which she has worked with organizations like NASA, JPL, Secret Service, and IRS. Her roles have included Competitive Intelligence, Security Engineer, Information Security Officer, Senior Security Strategist, and IT Security Architect. Dunn prioritizes a risk-based, business-focused approach to cybersecurity through process, standards, and threat intelligence.

Dunn explains that in the earlier days of her career, she acted as a “hostage negotiator” between the business teams and the security team. However, as she matured in her role, she realized the importance of simplifying knowledge management. Dunn believes that understanding security should be made easy for all stakeholders, which requires clear communication and making complex concepts accessible.

Another key aspect of Dunn’s journey is becoming a “business listener.” She emphasizes the need for cybersecurity professionals to understand the business and its objectives in order to make the right decisions. By becoming a business listener, Dunn believes that cybersecurity leaders can align their strategies with the goals and needs of the organization.

The article also highlights Dunn’s extensive qualifications and experience in cybersecurity. She holds a Master’s degree from SANS in Information Security Management and is certified in various areas such as CISSP, SANS GSEC, GWAPT, GCPM, GCCC, GCIH, GLEG, GSNA, GSLC, GCPM, Security+, ISTQB, and FAIR. Dunn is also an Adjunct Professor at BSU in their Cybersecurity program and a frequent speaker on cybersecurity.

In conclusion, the article showcases Sandy Dunn’s career journey from a “hostage negotiator” to a business leader in cybersecurity. Her emphasis on simplifying knowledge management and becoming a “business listener” highlights the importance of clear communication and understanding the business in the field of cybersecurity.
