Cyber Security Word Cloud #1

Word Cloud
  1. Patching — Still #1 by a country mile. In fact, patching is 14% of the word cloud. That means 14 out of 100 words were patching (or similar, when I normalized answers). Security professionals still struggle with patching in spite of the fact that it’s received so much press and attention in light of the many recent breaches. It’s pretty incredible to think that patching is still something cyber security teams struggle with in 2020, but given our track record I’m truly not surprised.
  2. CMDB and Updates/Updated — Asset and change management database and updates-related items were both at 11.9% of the word cloud, in a dead heat. It makes sense that security professionals see these two as challenges, given that over the years ITSM has largely been ignored in many organizations big and small. Now with the cloud migration and digital transformations in full swing, security professionals (and their peers in IT) have potentially lost all control over where, what, and how the company does IT. If you’re trying to secure corporate secrets or assets and you can’t even identify where you have corporate assets, this becomes a big problem quickly.
  3. Multi-Factor Authentication — I’m excited multi-factor authentication is being talked about, except that if it’s such a high priority it means that MFA likely isn’t getting wide adoption. Or maybe it needs to get broader adoption? Worth exploring certainly. Multi-factor authentication is available for so many applications and use-cases, with so little effort, that there are hardly any excuses not to do it today. I carry both the Google Authenticator and Microsoft Authenticator apps on my phone; it doesn’t cost anything and it’s a great way to add a nice level of security. Additionally, if you’re on Office 365 (and really, who isn’t today?) you can have the Microsoft Authenticator functionality built right into the platform with Azure AD, so what’s holding people back?! MFA got 9.5% of the total word cloud mentions.
  4. Training — Training was actually tied with multi-factor authentication but I’m giving it its own consideration here. Honestly, there is so much to dig into with “security training” or “end-user training” or the ever-popular “developer training” that I can’t go into it here. Just know that I believe if you’re still struggling to ‘train’ people in your organization you are likely doing it wrong. Of course training is important, but the delivery and timeliness, including one-time versus continuous training, is all so critical. And truthfully we as a community have done it so wrong, for so long, it’s hard to jump in and convince someone this time we’ll get it right. Training also received 9.5% mention.
  5. Budget & Passwords — Budgets are going to start declining in cyber-security. Why? Because we don’t have the tools or hard evidence to prove to leadership that the checks they’ve been writing have done any damn good. Think of how big some of these companies’ budgets are that have had the mega-breaches … folks, it’s not about the budget but how you analyze and mitigate specific risks that are relevant to your organization. So much to unpack in budget… What can I say about passwords except … oh hell. We’ve been trying to kill the password for, well, forever. It’s not worked out so well. Maybe we’re getting closer, but I think that all these strong opinions and religious battles over how to replace passwords are doing more harm than good. You want a solution? MFA + password managers. Win. Both of these words had 7.1% of the word cloud.

Now what?




I’m Rafal, and I’m a 20+ year veteran of the Cyber Security and technology space. I tend to think with a wide-angle lens, and am unapologetically no-bullsh*t.

Rafal Los
