Page 136 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
CISOs at these firms are then often able to spend less, but in a more impactful way that ultimately
translates to fewer breaches and greater ROI for the business.
Adopting an attacker’s mindset is to approach security the same way a team would before playing in a
big sports game. The Broncos would never play a big game without practicing beforehand, and neither
should you. Whether you’re a coach preparing for your team’s next big game or a CISO developing an
enterprise security strategy, the best plans are founded in a solid understanding of the enemy, and a
deep awareness of one’s own strengths and weaknesses to test, tweak and improve before battle.
Whether it be sports or security, experience is the best defense.
Here are three important approaches CISOs can use to shift perspective and better prepare their
organizations for the next attack.
Pretend You're the Attacker
Similar to scouting and studying an opposing team, security teams must be able to put themselves in the
shoes of the enemy and view themselves from the outside looking in. What does your attack surface look
like? What assets are most interesting or most valuable? From what points could one gain access to your
network? By adopting a hacker mindset and viewing themselves through an attacker’s eyes, CISOs and
their security teams will be better informed to make decisions such as where to allocate budget, team
and resources for the greatest impact.
Weaponize Your Home Field Advantage
Just like in sports, home field advantage is a real thing. There will never be a situation where a security
team is working in enemy territory, so make sure you know your turf. Know and monitor your external
and internal network, be able to identify anomalous activity and be ready, able and willing to use the tools
at your disposal. Too often, organizations invest in security tools or monitoring solutions they have no
idea how to use or no ability to monitor. Take advantage of your own turf by investing in tools that work
well with the rest of your toolbox, and in the practice required to maximize their benefits. Anything you can’t
use or properly monitor is just getting in the way.
Never Stop Practicing
The sports analogy here goes without saying. The most important thing an enterprise can do is routinely
test its detection and Incident Response (IR) teams, as well as the processes in place in the event of
a security incident. When it comes to IR plans, I’m a big fan of Mike Tyson’s quote, “Everyone has a plan
until they get punched in the mouth.” While having an IR plan in place is an important step, practicing
and understanding how teams respond under pressure is the only way to truly know if your organization
is prepared and able to properly respond. When I’ve seen organizations fail, it was not because people
didn’t have a plan – it was because they never practiced it. Things rarely go according to plan, so being