InfoSec Professionals

Mission

Ensuring the confidentiality, integrity, and availability of information assets through proactive defense, continuous monitoring, and rapid response.

Core Focus

  • Threat Prevention
  • Security Operations
  • Risk Management
  • Business Enablement

Standard Frameworks

  • NIST CSF (Identify, Protect, Detect, Respond, Recover; CSF 2.0 adds Govern)
  • ISO 27001/27002
  • CIS Critical Security Controls (formerly the SANS Top 20)

Threat Prevention & Security Operations

Asset Management & Scope

Scope Definition

  • Operating Systems
  • Network Devices
  • Applications & Databases
  • Cloud Infrastructure

Asset Management

  • Code Review
  • Physical security assets
  • Mobile Devices & Apps
  • Containers & IoT
  • OT/SCADA

Attack Surface Management

  • Cloud misconfiguration testing
  • Identify (Periodic or Continuous)
  • Classify
  • Risk Based Approach
  • Prioritize (e.g., use of EPSS)
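The Identify → Classify → Prioritize steps above can be turned into a repeatable ranking. The following is an added example (not code from the original page): it scores findings by combining EPSS (the FIRST.org probability that a vulnerability will be exploited in the next 30 days) with CVSS severity and asset context. The weighting formula, the asset criticality scale, the asset names and all scores are constructed assumptions for illustration, not an official EPSS or CVSS method and not real data for any CVE.

```python
"""Risk-based vulnerability prioritization combining EPSS, CVSS and asset context.

Added example, not from the original page. All findings, assets, EPSS and CVSS
values below are constructed sample data; the weighting is an assumed model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str              # internal tracking id (hypothetical)
    cvss: float               # CVSS base score, 0.0-10.0
    epss: float               # EPSS probability of exploitation in 30 days, 0.0-1.0
    asset: str                # hypothetical asset name
    internet_facing: bool
    asset_criticality: int    # assumed scale: 1 (low) .. 5 (crown jewel)
    exploited_in_wild: bool = False   # e.g. listed in a known-exploited catalog


def risk_score(f: Finding) -> float:
    """Likelihood (EPSS, exposure, known exploitation) times impact (CVSS, criticality).

    EPSS drives the likelihood term; CVSS only modulates impact. This keeps a
    CVSS 9.8 with 0.1% EPSS on an internal box from outranking a CVSS 7.5 with
    60% EPSS on an internet-facing host, which is the point of using EPSS.
    """
    likelihood = f.epss
    if f.exploited_in_wild:
        likelihood = max(likelihood, 0.9)        # treat known exploitation as near-certain
    if f.internet_facing:
        likelihood = min(1.0, likelihood * 1.5)  # assumed exposure multiplier
    impact = (f.cvss / 10.0) * (f.asset_criticality / 5.0)
    return round(100 * likelihood * impact, 2)


def prioritize(findings):
    """Highest risk first; ties broken by id so the order is stable."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))


def fix_first(findings, n=3):
    """The n findings the remediation queue should take next."""
    return [f.vuln_id for f in prioritize(findings)[:n]]


# Constructed sample inventory (not real CVEs, hosts or scores).
SAMPLE = [
    Finding("F-1", cvss=9.8, epss=0.001, asset="build-agent-07", internet_facing=False, asset_criticality=3),
    Finding("F-2", cvss=7.5, epss=0.60, asset="web-edge-01", internet_facing=True, asset_criticality=4),
    Finding("F-3", cvss=8.8, epss=0.05, asset="erp-db-01", internet_facing=False, asset_criticality=5,
            exploited_in_wild=True),
    Finding("F-4", cvss=5.3, epss=0.30, asset="kiosk-12", internet_facing=True, asset_criticality=1),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.vuln_id:5} {f.asset:15} CVSS {f.cvss:4} EPSS {f.epss:5.3f} -> risk {risk_score(f)}")
```

Note that F-1, the highest CVSS score in the set, lands last: with a 0.1% EPSS and no exposure it is a low-likelihood fix, while F-3 rises to the top on known exploitation despite a modest EPSS. Feed real EPSS values from the FIRST.org API and real asset classifications into `Finding` and the same function orders a production backlog.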

Mitigation & Metrics

Mitigation Actions

  • Fix
  • Verify
  • False positive management

Measuring Effectiveness

  • Baseline establishment
  • Metrics definition
  • Application Security KPIs

Application Security

Development & Standards

  • Application Development Standards
  • Secure Code Training and Review
  • Integration to SDLC and Project Delivery
  • Change Control
  • File Integrity Monitoring (FIM)

Protection & Testing

  • Web Application Firewall (WAF)
  • Application Vulnerability Testing
  • Inventory open source components
  • Source code supply chain security
  • API Security

Network Defense & Infrastructure

Network Security

  • Firewalls
  • Network IPS and IDS
  • Proxy/Content Filtering
  • DNS security/filtering
  • DDoS Protection

Hardening & Endpoints

  • Hardening guidelines
  • Desktop security
  • Anti-malware, anti-spam
  • Patching
  • Encryption, TLS/SSL, PKI

Awareness & Checks

  • Security Health Checks
  • Public software repositories
  • Awareness training
  • DLP (Data Loss Prevention)

Threat Detection (NIST CSF Detect)

SOC Operations & Skills

SOC Management

  • SOC Resource Mgmt
  • SOC Staff continuous training
  • Shift management
  • SOC procedures
  • SOC Metrics and Reports
  • SOC and NOC Integration
  • SOC Tech stack management

Analysis & Logic

  • Log Analysis/correlation/SIEM
  • Alerting (IDS/IPS, FIM, WAF, Anti Malware)
  • NetFlow analysis
  • Threat hunting and Insider threat
  • MSSP integration
  • Long term trend analysis
  • Unstructured data from IoT
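Log analysis and correlation is the core of the SIEM work listed above. As an added example (not from the original page, and not any SIEM product's rule syntax), the script below parses sshd-style authentication lines and applies two stateful correlation rules: a burst of failed logins from one source, and a successful login from a source that had recently been failing, which is the event a brute-force alert alone would miss. The log lines are constructed samples using documentation IP ranges; the thresholds and rule names are assumptions.

```python
"""Correlation of authentication events over sample log lines.

Added example, not code from the original page. The log lines below are
constructed; thresholds, windows and rule names are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted password|Accepted publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line):
    """Return a normalized event dict, or None for lines this parser does not cover."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "user": m["user"],
        "src": m["src"],
        "success": m["outcome"].startswith("Accepted"),
    }


def correlate(lines, fail_threshold=5, fail_window=timedelta(seconds=60),
              lookback=timedelta(minutes=5), min_failures_before_success=3):
    """Stream events once and emit alerts; state is a per-source deque of failure times."""
    failures = defaultdict(deque)   # src -> timestamps of failed logins within `lookback`
    brute_forced = set()            # sources already alerted on, to avoid a flood
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > lookback:   # age out old failures
            q.popleft()
        if ev["success"]:
            if len(q) >= min_failures_before_success:
                alerts.append({"rule": "ssh_success_after_failures", "severity": "high",
                               "src": ev["src"], "user": ev["user"], "host": ev["host"],
                               "prior_failures": len(q), "ts": ev["ts"]})
            continue
        q.append(ev["ts"])
        recent = sum(1 for t in q if ev["ts"] - t <= fail_window)
        if recent >= fail_threshold and ev["src"] not in brute_forced:
            brute_forced.add(ev["src"])
            alerts.append({"rule": "ssh_brute_force", "severity": "medium",
                           "src": ev["src"], "host": ev["host"],
                           "failures_in_window": recent, "ts": ev["ts"]})
    return alerts


# Constructed sample lines (TEST-NET addresses; not real traffic).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
2024-03-01T10:00:03Z host1 sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
2024-03-01T10:00:05Z host1 sshd[1203]: Failed password for root from 203.0.113.5 port 51124 ssh2
2024-03-01T10:00:08Z host1 sshd[1204]: Failed password for root from 203.0.113.5 port 51125 ssh2
2024-03-01T10:00:10Z host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51126 ssh2
2024-03-01T10:00:12Z host1 sshd[1206]: Failed password for root from 203.0.113.5 port 51127 ssh2
2024-03-01T10:00:40Z host1 sshd[1210]: Accepted password for root from 203.0.113.5 port 51130 ssh2
2024-03-01T10:01:00Z host1 sshd[1220]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-03-01T10:01:05Z host1 sshd[1221]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
2024-03-01T10:01:10Z host1 CRON[1300]: pam_unix(cron:session): session opened for user root
""".splitlines()


def run_sample():
    return correlate(SAMPLE_LOG)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

Two alerts come out of the sample: a medium `ssh_brute_force` on the fifth failure from 203.0.113.5, and a high `ssh_success_after_failures` when root logs in from the same source 30 seconds later. The single typo-then-success from 198.51.100.7 stays quiet, and the cron line is skipped by the parser rather than breaking the run. The same two-rule shape (rate of a bad event, then a good event that follows bad ones) transfers to WAF blocks followed by a 200, or FIM changes followed by a new service start.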

Advanced Capabilities

  • Threat Detection capability assessment
  • Gap assessment & Prioritization
  • SOC DR exercise
  • Partnerships with ISACs
  • Integrate new data sources

Skills Development

Emerging Skills

  • Machine Learning (Understand Algorithm Biases, model training)
  • IoT (Autonomous Vehicles, Drones, Medical Devices, ICS)
  • MITRE ATT&CK
  • Soft skills
  • DevOps Integration

Tech Integration

  • Use of AI, GenAI and Data Analytics
  • Use of computer vision in physical security
  • Log Anomaly Detection
  • Red team/blue team exercises
  • Integrate threat intelligence platform (TIP)
  • Deception technologies for breach detection
  • Full packet inspection
  • Detect misconfigurations
  • Integrate Cloud based tools

Incident Management (NIST CSF Respond & Recover)

Response & Forensics

Incident Response Capability

  • Create adequate Incident Response capability
  • Incident Response Playbooks
  • Incident Readiness Assessment
  • Forensic Investigation
  • Data Breach Preparation

Preparedness Activities

  • Update and Test Incident Response Plan
  • Set Leadership Expectations
  • Forensic and IR Partner, retainer
  • Adequate Logging
  • Breach exercises (simulations)
  • First responders Training
  • IR Playbook testing
  • Media Relations

Business Continuity

  • Business Continuity Planning
  • Post-incident analysis
  • Cyber Risk Insurance
  • Managing relationships with law enforcement

Ransomware Specific

Ransomware Defense

  • Identify critical systems
  • Perform ransomware BIA
  • Tie with BC/DR Plans
  • Devise containment strategy
  • Ensure adequate backups
  • Periodic backup test
  • Offline (or immutable) backups in case the backup itself is ransomed
  • Mock exercises
  • Implement machine integrity checking
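Machine integrity checking (this list) and File Integrity Monitoring (the Application Security list earlier) rest on the same mechanism: hash a baseline, re-hash later, and diff. The following added example (not code from the original page or any FIM product) builds a SHA-256 baseline of a directory tree, compares it against a later scan, and applies two ransomware heuristics on top of the plain diff: a large share of baselined files changed or removed in one run, and new files carrying an extension the baseline never had. The demo tree, the tampering it simulates, the 50% threshold and the `.locked` extension are all constructed assumptions.

```python
"""File/machine integrity baseline and comparison with ransomware heuristics.

Added example, not from the original page. The demo tree, the simulated
tampering and the thresholds are constructed assumptions.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> {sha256, size, mode} for every regular file under root.

    Symlinks are skipped so an attacker cannot point a link at a file that
    hashes clean while the real content changes elsewhere.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        baseline[str(p.relative_to(root))] = {
            "sha256": hash_file(p), "size": st.st_size, "mode": st.st_mode & 0o777,
        }
    return baseline


def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare(baseline, current):
    """Plain FIM diff: added, removed, and modified (content or permission change)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        k for k in baseline.keys() & current.keys()
        if baseline[k]["sha256"] != current[k]["sha256"] or baseline[k]["mode"] != current[k]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def ransomware_indicators(diff, baseline, mass_change_ratio=0.5):
    """Heuristics layered on the diff; the ratio threshold is an assumption."""
    total = len(baseline) or 1
    changed = len(diff["modified"]) + len(diff["removed"])
    known_ext = {Path(k).suffix for k in baseline}
    new_ext = [f for f in diff["added"] if Path(f).suffix and Path(f).suffix not in known_ext]
    indicators = []
    if changed / total >= mass_change_ratio:
        indicators.append(f"mass_change: {changed}/{total} baselined files modified or removed")
    if new_ext:
        indicators.append(f"unknown_extension: {len(new_ext)} new files with extensions not in baseline")
    return indicators


def demo():
    """Build a constructed tree, baseline it, simulate encryption-style tampering, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF" + b"\x00" * 60)
        (root / "data.csv").write_text("id,amount\n1,10\n")
        (root / "notes.txt").write_text("hello\n")
        baseline = build_baseline(root)
        # Simulated tampering: config edited, one file "encrypted" and renamed, a ransom note dropped.
        (root / "etc" / "app.conf").write_text("debug=true\n")
        (root / "data.csv").unlink()
        (root / "data.csv.locked").write_bytes(os.urandom(32))
        (root / "README_RESTORE.locked").write_text("pay up\n")
        diff = compare(baseline, build_baseline(root))
        return diff, ransomware_indicators(diff, baseline)


if __name__ == "__main__":
    d, ind = demo()
    print(json.dumps(d, indent=1))
    print("\n".join(ind) or "no ransomware indicators")
```

Store the baseline somewhere the monitored machine cannot overwrite (a read-only share or a separate host), since a baseline that lives on the box is the first thing a capable intruder re-signs. In the demo the diff alone already shows one modified, one removed and two added files, but it is the two heuristics that turn that into a ransomware signal worth paging on.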

Automation & SOAR

  • Playbooks
  • Supply chain incident mgmt
  • Keep inventory of software components
  • Integrate into vulnerability mgmt
  • Integrate into SDLC and risk mgmt process

Identity Management (IAM)

Core IAM

  • Identity Credentialing
  • User Provisioning and Identity Life Cycle Management
  • Single Sign-On (SSO) / simplified sign-on
  • Repository (LDAP/Active Directory, Cloud Identity, Local ID stores)
  • Federation, SAML, Shibboleth
  • Multi-factor Authentication (MFA), including 2-factor

Authentication Methods

  • Authenticator Apps
  • Tokens and cards
  • One time passcodes
  • Role-Based Access Control (RBAC) for authorization
  • Customer Identity - Ecommerce and Mobile Apps
  • Password resets/self-service
  • HR Process Integration

Advanced & Zero Trust

  • Integrating cloud-based identities
  • IoT device identities
  • IAM SaaS solutions
  • Unified identity profiles
  • Passwordless authentication (voice, face, passkeys/FIDO2)
  • IAM with Zero Trust technologies
  • Use of public identity providers (Google, Facebook, etc.)
  • OAuth 2.0, OpenID Connect, digital certificates
  • Privileged Access Management (PAM)
  • API authentication and secrets management

Governance, Risk & Compliance (GRC)

Strategy & Frameworks

Governance Structure

  • Strategy and business alignment
  • Security policies, standards
  • Legal, regulatory and contract
  • Risk Mgmt/Control Frameworks
  • NIST - relevant NIST standards
  • ISO, COSO, COBIT, ITIL
  • FAIR, FISMA, CMMC

Mgmt & Visibility

  • Visibility across multiple frameworks
  • Roles and Responsibilities (RACI charts)
  • Data Ownership, sharing, and data privacy
  • Conflict Management
  • Metrics and Reporting (Operational, Executive)
  • Validating effectiveness of metrics

Strategic Initiatives

  • IT, OT, IoT/IIoT Convergence
  • Explore options for cooperative SOC, collaborative infosec
  • Tools and vendors consolidation
  • Evaluating control effectiveness
  • Maintain a roadmap/plan for 1-3 years
  • Board oversight and board presentations
  • Security Team Branding
  • Aligning with Corporate Objectives

Politics & Value

  • Continuous Mgmt Updates, metrics
  • Negotiation, give and take
  • Corporate politics, picking battles carefully
  • Innovation and Value Creation
  • Expectations Management
  • Show progress/risk reduction
  • ROSI (Return on Security Investment)

Architecture & Remote Work

Remote Work

  • Enable Secure Application access
  • Secure expanded attack surface
  • Security of sensitive data accessed from home
  • Zero trust access to applications

Security Architecture

  • Traditional Network Segmentation
  • Micro segmentation strategy
  • Application protection
  • Defense-in-depth
  • Remote Access strategies
  • Encryption Technologies
  • Backup/Replication/Multiple Sites
  • Cloud/Hybrid/Multiple Cloud Vendors

Modern Infrastructure

  • Software Defined Networking
  • Network Function Virtualization
  • Zero trust models and roadmap
  • SASE/SSE strategy, vendors
  • Overlay networks, secure enclaves

Automation and Analytics

DevOps & Ops

  • Secure DevOps, DevSecOps
  • Embedding security tools in CI/CD pipelines
  • Automate threat hunting
  • Automate risk scoring
  • Automate asset inventory
  • Secure infrastructure as code
  • Automate API inventory
  • Automate risk register

Response & Compliance

  • Automate security metrics
  • Automate incident response where applicable
  • Automate compliance checks
  • Automate patching

Risk Management

General Risk

  • Physical Security
  • Vulnerability Management
  • Ongoing risk assessments/pen testing
  • Code Reviews, SAST
  • Use of Risk Assessment Methodology and framework
  • Policies and Procedures
  • Phishing and Associate Awareness

Quantification & Registers

  • Third party risk management (TPRM) automation
  • Cyber Risk Quantification (CRQ)
  • Maintain Centralized Risk Register
  • Loss, Fraud prevention

Data Centric Approach

  • Data Discovery
  • Data Classification
  • Access Control
  • Data Loss Prevention - DLP
  • Customer and Partner Access
  • Encryption/Masking
  • Monitoring and Alerting

Operational Technologies

  • Industrial Control Systems (ICS)
  • PLCs
  • SCADA
  • HMIs

Legal, Data & Compliance

Legal

  • Data Discovery and Data Ownership
  • Vendor Contracts
  • Investigations/Forensics
  • Attorney-Client Privileges
  • Data Retention and Destruction

Compliance Standards

  • CCPA, GDPR & other data privacy laws
  • PCI
  • SOX
  • HIPAA and HITECH
  • Regular Audits
  • SSAE 18 (SOC 1/SOC 2 attestation reports)
  • NIST/FISMA
  • CMMC
  • HITRUST
  • DORA
  • SEC cyber incident disclosure requirements
  • Other compliance needs

Project Delivery Lifecycle

Embedding Security

  • Embedding security in Project Requirements
  • Threat modeling and Design reviews
  • Security Testing
  • Certification and Accreditation

Artificial Intelligence and Generative AI (GenAI)

Governance & Ethics

  • AI Governance, Policies, Transparency
  • LLMs, Chatbots, Agents, RAG
  • Safe and ethical uses of GenAI
  • NIST AI Risk Mgmt Framework

Security of AI

  • Secure AI/GenAI models
  • Protecting Intellectual Property
  • Securing training and test data
  • Adversarial attacks
  • OWASP Top 10 LLM and GenAI risk
  • AI/GenAI testing tools

AI for InfoSec

  • Identify GenAI plausible use cases
  • AI enabled security tools, threat detection
  • Train InfoSec teams on AI technologies
  • Use of GenAI in task automation

Business Enablement

Mergers and Acquisitions

  • Acquisition Risk Assessment
  • Network/Application/Cloud Integration Cost
  • IAM integration
  • Security tools rationalization

Cloud Computing

  • Multi-Cloud architecture
  • Strategy and Guidelines
  • Cloud Security Posture Management (CSPM)
  • Ownership/Liability/Incidents
  • SaaS Strategy
  • Vendor's Financial Strength
  • SLAs
  • Infrastructure Audit

Cloud Details

  • Proof of Application Security
  • Disaster Recovery Posture
  • Data ownership, compliance
  • Integration of Identity Management/Federation/SSO
  • SaaS Policy and Guidelines
  • Cloud log integration/APIs
  • Virtualized security appliances
  • Cloud-native apps security
  • Container-to-container communication security
  • Service mesh, micro services
  • Serverless computing security

Mobile, IoT & Emerging Tech

Mobile Technologies

  • Technology advancements
  • Lost/Stolen devices
  • BYOD and MDM (Mobile Device Management)
  • Mobile Apps Inventory

IoT (Internet of Things)

  • IoT Frameworks
  • Hardware/Devices security features
  • IoT Communication Protocols
  • Device Identity, Auth and Integrity
  • Over the Air updates

IoT Use Cases

  • Track and Trace
  • Condition Based Monitoring
  • Customer Experience
  • Smart Grid
  • Smart Cities / Communities
  • IoT SaaS Platforms
  • Augmented and Virtual Reality
  • Drones
  • Edge Computing

Processes & Industry Trends

Processes

  • HR/Onboarding/Termination
  • Business Partnerships
  • Agility, Business Continuity and Disaster Recovery

Trends

  • Understand industry trends (e.g., retail, financial services, etc.)
  • Evaluating Emerging Technologies (Quantum, Crypto, GenAI, etc.)

Team Management

Budget & Projects

  • Manage Infosec Budget
  • Managing Security Projects
  • Business Case Development
  • Alignment with IT Projects
  • Consulting and outsourcing
  • CapEx and OpEx considerations
  • Technology amortization
  • Retire redundant and underutilized tools

Staffing & Balance

  • Staffing and Talent Management
  • Recruiting, performance and retention
  • Staff burnout prevention
  • Balance FTE and contractors
  • Staff training and skills update
  • Balancing budget for people, training, tools/technology/hardware, travel, and conferences