Cyber Intelligence-Driven Risk. Richard O. Moore, III


outdated cyber defense systems and design a future-proof cyber program that contributes to enhanced business risk decision-making. This initial book provides the foundations for the creation of an actionable (i.e. build and use) CI-DR program that can be applied tomorrow to close the gap between enterprise risk management, security architecture, and the current management of cyber risks in use today. Additionally, this book leaves out specific vendor technology solutions, as we want to focus the reader on how cyber intelligence functions and capabilities can drive better risk decision structures in today's digital age. By mentioning technology solutions we would mask the foundational cyber concepts needed to drive decisions to keep up with the velocity of business changes. Additionally, this book can be used by cybersecurity professionals, software architects, mergers-and-acquisitions teams, government “think tanks,” academics, and students looking to help businesses make better choices about risk by building a proper program focused on delivering risk options to the decision-maker.

      Every industry can benefit by creating or enhancing its business risk management program. Our CI-DR framework provides you, the reader, with the opportunity to build these capabilities, whether internally built, acquired through merger or acquisition, or sourced from the many service providers; this handbook provides the tools and the framework needed to ensure that it is effective. By the end of this book, the reader should understand what functional capabilities are needed to build a CI-DR program; why the “connective tissue” between the functions and capabilities is so valuable; and how the CI-DR program can be adequately leveraged to assist leaders in making more informed business decisions in the era of increased emergent cyber threats and attacks. Depending on the level of business understanding, the reader will be able to:

       Build, buy, or outsource certain functions of the cyber intelligence–driven risk program.

       Understand the functional capabilities needed to have an active program.

       Turn cyber intelligence “knowledge” into business risk decisions.

       Effectively use cyber intelligence to support enterprise and operational risk management programs.

       Reduce the impact of cyber events through cyber intelligence “knowledge” for many business operations and not just through purchasing of new technologies.

       Leverage a cyber intelligence–driven risk program to support mergers and acquisitions and collect the benefits of predictive cyber intelligence analytics.

       Understand how the CI-DR program can reduce loss from cyber events for the organization and provide a proactive cyber defensive posture needed to meet emerging threats.

      If this book inspires you to create new technologies, build a company to support these capabilities, or reduce risk and costs to your organization, please drop us a note on social media (@cybersixactual) or send us an email (https://www.cybersix.com); we would love to hear from you.

      AS WE come out of the 2020 pandemic, many of us give pause to think about who we are, where we came from, and where we are going. This book would not be possible to complete and keep consistent without the assistance and support of colleagues, students, friends, and contributing authors. I would like to thank the United States Marine Corps for giving me drive, direction, skills, and a brotherhood that has been forged by combat. I would also like to thank SPAWAR (now NAVWAR) for giving me the information security skills to make my career possible. To Norwich University's Graduate MSIA program for providing an education second to none. To Northeastern University and Salve Regina University for providing me the opportunity to give back to the information security community and educate the next generation of cybersecurity professionals. I also want to thank those who supported my career growth and provided mentorship throughout my years in the cybersecurity profession. My first mentor and first Chief Information Security Officer (CISO), John Schramm, who was at the time leading the Investor's Bank and Trust Information Security group. John, as a prior US Army Officer, led me to take a position in KPMG's Information Protection group in lieu of rejoining the US government. My second mentor and the CISO who challenged me to succeed is Jim Routh. Jim was the first CISO I worked for who had transformational programs and business objectives tied to moving cyber activities into the forefront of business decisions. My last CISO, who mentored me in patience and helped develop my transformational concepts, is Steve Attias. Steve had been a CISO at New York Life since the declaration of that industry title, and continues to advise companies on cybersecurity programs in his retirement. Finally, to my mentor-friend, Marc Sokol. Marc was the Chief Security Officer at Guardian Life when I was at New York Life but had a good decade of experience in leading an insurance company's cybersecurity programs. Marc was instrumental in my growth, executive experiences, and still assists today where I need additional help or support.

      There were many throughout my career who have been a part of building out these concepts into reality and there were people who gave me the support and freedom to build these programs. I would like to directly name and thank the following individuals who had a direct impact in helping to build and refine many of my concepts into programs over the last two decades. From my time at KPMG I wish to thank Neil Bryden, Barbara Cousins, Greig Arnold, and Prasad Shenoy; it was the time when the CI-DR™ concepts began to originate. I wish to thank those individuals at the Royal Bank of Scotland, Americas, who instituted and implemented the first of the CI-DR program's capabilities: Dr. Stephen Johnson (one of the co-authors of this book), Todd Hammond, David Griffeth, Chuck Thomas, Steven Savard, Robert Fitz, James McCoy, Chris Piacitelli, Frank Susi, Jack Atoyan, and David Najac. I wish to thank those responsible for implementing CI-DR version two of capabilities and functions at New York Life: Dr. Stephen Johnson, Robert Sasson, Karen Riha, Eric Grossman, Willard Dawson, and Lee Ramos. Finally, I wish to thank the following individuals at Alvarez and Marsal for creating the documentation behind these programs and putting to paper standard operating procedures, guides for building, and guides for assessing the maturity of these programs: Derek Olson (one of the co-authors of this book), Adele Merritt, Tom Stamulis, Brady Willis, Joe Nemec, Terence Goggins, Dominic Richmond, and Cassidy Lynch.

      To my students and those asking me to be their mentors, thank you for listening to my rantings and ravings about our profession. You challenge me daily to be operational, effective, and creative about transformational solutions to meet the demands of the profession and industries you all strive to protect.

      To my dad, whom we lost during the pandemic in 2020, due to underlying conditions. His passing placed a long pause on completing this book.

      Finally, to my wife, Jennifer, who encouraged me
