When I was a CTO running a data center, I used to ask my ops team to do the shotgun test. They had to imagine our worst enemy came into the data center with a shotgun with one slug. What could they destroy to do the most damage? (I didn’t realize until recently that this was a modified version of Netflix’s Chaos Monkey testing approach.)
Lately I’ve wondered what the cybersecurity equivalent of the shotgun test is. How could you even do such a test? The fact is, without an understanding of your weaknesses, it isn’t possible to see what your worst enemy would do to you.
Creating a balanced security portfolio
I recently wrote a series of articles analyzing how companies spend (and misspend) their security portfolio dollars. I’ve likened the security portfolio to an investment portfolio, in which it’s wiser to spread your investments around, across industries and savings vehicles, to ensure you have a stable strategy. And just as your personal investment strategy changes over time (moving from riskier positions to more conservative ones), your cybersecurity portfolio needs to adapt to meet the ever-evolving landscape of cyber threats.