Spotting Cybersecurity Gaps, Becoming More Systems-FocusedRisk Management Expert Lisa Young on How Critical Thinking Improves Cybersecurity
Too often, cybersecurity practitioners stick with the status quo instead of challenging outdated frameworks. But Lisa Young prepares security teams to protect and defend their organizations from cybercriminals by seeing the things that others miss and asking the questions that others are too afraid to ask.
"Especially in the business environment," she says, "it's important that we don't just accept what is. Part of the critical thinking mindset is to ask, 'Is there a better way? How are we doing this? Is there something that we're not doing that we should be doing? And is there something that we can practice getting better at?'"
In this interview with Brian Barnier, who is developing a course on critical thinking and design thinking in cybersecurity for CyberEd.io, Young also discusses:
- Using root cause analysis to continually improve systems and processes in cybersecurity;
- Reframing cyber professionals' mindsets from hazard avoidance to business risk;
- Simple exercises that your company can perform to start becoming more systems-focused.
Lisa Young is an operational risk and security metrics professional with a passion for solving problems with data. She has worked in government, military, industry and academia and is currently on sabbatical from her role as vice president of cyber risk engineering at Axio Global Inc., an integrated risk management software company. She works as part of the Cybersecurity and Infrastructure Security Agency's COVID Task Force as a risk management subject matter expert and is a board member of ISC(2), a global association of nearly 200,000 cybersecurity professionals. Young is also immediate past president of the Society of Information Risk Analysts.