Cyber Security Word Cloud #1

Word Cloud
  1. Patching — Still #1 by a country mile. In fact, patching is 14% of the word cloud. That means 14 out of 100 words were patching (or similar, when I normalized answers). Security professionals still struggle with patching in spite of the fact that it’s received so much press and attention in light of the many recent breaches. It’s pretty incredible to think that patching is still something cyber security teams struggle with in 2020, but given our track record I’m truly not surprised.
  2. CMDB and Updates/Updated — Asset and change management database and updates-related items were both at 11.9% of the word cloud, in a dead heat. It makes sense that security professionals see these two as challenges, given that over the years ITSM has largely been ignored in many organizations big and small. Now with the cloud migration and digital transformations in full swing, security professionals (and their peers in IT) have potentially lost all control over where, what, and how the company does IT. If you’re trying to secure corporate secrets or assets and you can’t even identify where you have corporate assets, this becomes a big problem quickly.
  3. Multi-Factor Authentication — I’m excited multi-factor authentication is being talked about, except that if it’s such a high priority it means that MFA likely isn’t getting wide adoption. Or maybe it needs to get broader adoption? Worth exploring, certainly. Multi-factor authentication is available for so many applications and use cases, with so little effort, that there are hardly any excuses not to do it today. I carry both the Google Authenticator and Microsoft Authenticator apps on my phone; it doesn’t cost anything and it’s a great way to add a nice level of security. Additionally, if you’re on Office 365 (and really, who isn’t today?) you can have the Microsoft Authenticator functionality built right into the platform with AzureAD, so what’s holding people back?! MFA got 9.5% of the total word cloud mentions.
  4. Training — Training was actually tied with multi-factor authentication but I’m giving it its own consideration here. Honestly, there is so much to dig into with “security training” or “end-user training” or the ever-popular “developer training” that I can’t go into it here. Just know that I believe if you’re still struggling to ‘train’ people in your organization you are likely doing it wrong. Of course training is important, but the delivery and timeliness, including one-time versus continuous training, are all so critical. And truthfully we as a community have done it so wrong, for so long, it’s hard to jump in and convince someone this time we’ll get it right. Training also received 9.5% of the mentions.
  5. Budget & Passwords — Budgets are going to start declining in cyber-security. Why? Because we don’t have the tools or hard evidence to prove to leadership that the checks they’ve been writing have done any damn good. Think of how big some of these companies’ budgets are that have had the mega-breaches … folks, it’s not about the budget but how you analyze and mitigate specific risks that are relevant to your organization. So much to unpack in budget… What can I say about passwords except … oh hell. We’ve been trying to kill the password for, well, forever. It’s not worked out so well. Maybe we’re getting closer, but I think that all these strong opinions and religious battles over how to replace passwords are doing more harm than good. You want a solution? MFA + password managers. Win. Both of these words had 7.1% of the word cloud.

Now what?




I’m Rafal, and I’m a 20+ year veteran of the Cyber Security and technology space. I tend to think with a wide-angle lens, and am unapologetically no-bullsh*t.

Rafal Los
