I believe we are continually learning in life… learning, applying, learning, applying. This cycle helps us become better personally and professionally.

2020 was a banner year of transformation—whether we liked it or not—changing how we work individually and together, both on a grand scale, the epitome of a new way of learning. Through these changes, we’ve seen accelerated projects and an opportunity for additional learning for how to work remotely and collaborate from the other side of a screen. We’ve been thrust into changes coming at us from all angles and have been forced to deal with them. But, hey, this is precisely the kind of thing we’ve been preparing for in the CISO role. It may not be a breach we are dealing with, but this was a potential disruption to the business that needs to be addressed; and, however uncomfortable, there is risk here that needs to be rooted out and mitigated.

In the spirit of learning, we will look at some of the main changes we’ve encountered in risk and security management, take a step back from them, and figure out what we can do for 2021. Let’s take some lessons from 2020 to make things even better and fully embrace the changes needed for the company’s benefit, its customers, its employees, and the bottom line.

In this blog, I want to share three pillars that I will use to drive three more discussions as part of a series of lessons learned. For now, let’s start with an overview of some critical themes covering our teams, the way we do things, and the tools the business uses to get those things done.

Lessons from People

• Are we taking good care of our teams and is the definition of team broad enough?
• How do we look at and leverage technology?
• How do we look at risk?
• How does the human element set us up for great things in 2021?
• Language, conversations, communication, and collaboration matter and deserve focused attention.

Lessons from Process

• What were we able to trim through accelerated projects?
• What were we able to streamline?
• What new things were we able to accomplish?
• Gaps, dependencies, lack of data, misinformation, and blocking activities need to be handled.

Lessons from Technology

• What technology was unnecessarily holding us back?
• What technology propelled us forward?
• What things were we able to automate?
• Training, trimming, tuning, orchestrating, and resiliency must be factored in.

All of us have had very different experiences over the past year. I will be sharing more of my own experiences looking at each of these three pillars in subsequent blogs over the next few weeks. Be sure to catch them as they are published, embrace what makes sense for your environment, and recognize that it’s really up to you to understand what your own experience means to you and what, from all of this, you can take with you as you move into 2021.

If you have ideas or questions about this topic, I can always connect and discuss this with you. Feel free to contact us online via LinkedIn @Blue-Lava.

If you want to hear more on this subject, I’d like to personally invite you to join me as I connect with ESG’s Jon Oltsik to discuss the following topics in our upcoming webinar:

1. Exploring how the role of cybersecurity program tracking is evolving to include business stakeholders
2. Uncovering how to measure your program’s progress and determine which areas are underinvested or overinvested
3. Comparing the actions of leading organizations with those that lag behind while building a comprehensive strategy

This was discussed during our January 2021 webinar. In case you missed it, you may watch a recording of the event here.

Laz has 30+ years industry experience, is a 3x CISO, the Co-Founder of Blue Lava, and is a globally-recognized authority in Information Security. He welcomes your feedback and can be reached at: laz at bluelava dot io.