
4 key areas cybersecurity leaders should focus on

By Daniel Elkabes

August 25, 2022

Cyberattacks are becoming more sophisticated and frequent, and cybersecurity leaders are feeling the strain as they protect swaths of critical and sensitive data. 


But the security industry is stuck. 


Far too many companies struggle with how to protect their most valuable assets, and developers and security teams alike are stretched thin. The widening cybersecurity talent gap, estimated at 3.5M roles, creates tension among those teams, and some developers feel they are forced to sacrifice security for productivity.


Here are four critical areas every chief information security officer (CISO) should invest in now to help set their team up for success.


1. Security Staff Training 

Training staff is fundamental to understanding what tools are in place and how the company can maintain proper software security. With companies of all sizes vying for cybersecurity talent, leaders are currently looking to fill the gap with upskilling and training to maximize the impact of their existing developer and security teams. 


While security training should cover all employees at a company on a basic level — such as training on phishing attacks, multifactor authentication, and strong passwords — cybersecurity leaders tend to focus on the development function within their organization. Best practices from The Open Web Application Security Project (OWASP) offer a good starting point for training developer teams and can be facilitated by team leads. Working with the team leaders of development teams often generates the best return on the investment, but I believe that leaders should aim to work with all of their developers in some capacity. 


A recent report from McKinsey focused on reducing cyber risk with cybersecurity talent stresses the importance of understanding what to prioritize in terms of security and the ability of a team to adapt to new threats. Leaders must ensure they have the right people with the right knowledge and advocate for the proper tools and educational resources they need to make an impact. 

 

2. Providing Visibility 

With today’s applications composed of many moving parts — proprietary code, open-source code, and code from vendors and integrations — vulnerabilities can fall through the cracks. For leaders to adequately respond to new threats and vulnerabilities, and steer the company away from falling victim to future attacks, a bird’s eye view of all code is critical, whether in the form of a software bill of materials through a vendor or with a proprietary system. The goal should be to zoom out as much as possible to get a macro view of the company’s code and potential cybersecurity needs. 


Just like any function leader needs an understanding of their organization’s general KPIs, security leaders need the full picture of their code and infrastructure. Without seeing the full picture, leaders risk spinning their wheels and wasting investment by not making enough strides toward securing their organization. 


For example, you can spend developer hours manually checking all of your company’s code for vulnerabilities and deem it clear and risk-free. But if you neglect to review that code for supply chain security issues, you can potentially pull a malicious package directly into your code. 


That macro lens helps companies quickly and efficiently address issues: think about how omnipresent the risks of Log4j are, found in everything from games to enterprise software. With requirements to act swiftly, only those with a real understanding of where there could be a potential risk or indirect dependency are aptly prepared. 


3. Keeping Up to Date With Security Technology

Your organization’s product keeps evolving, and you’re continuing to put investment behind security practices — but the same is true for cybercriminals. Cybersecurity leaders should stay abreast of new trends and next-gen technologies that cybercriminals may employ and explore how they can invest in these technologies internally to thwart those advancements. 


For example, artificial intelligence (AI) is a promising technology for this use case. Security companies have already completed the legwork of refining and tuning AI tools to minimize false positives and smooth the integration with other security technology.


As a result, implementing and benefiting from AI tools is worthwhile, especially for leaders looking to expand their tech stack.

What is most important is remaining on top of the latest emerging cybersecurity technologies (such as behavior analytics, blockchain, and deep learning) that can be used internally as well as by sophisticated malicious actors. For example, both attackers and organizations may use behavior analytics to detect and track one another’s work. 

 

4. Prioritizing Remediation Effectively 

The sheer volume of potential security vulnerabilities makes it impossible for development teams to catch up while maintaining and building on the existing product. Cybersecurity leaders should prioritize remediation efforts strategically and pursue the vulnerabilities most likely to impact the business — not all vulnerabilities warrant a fire drill. 


Many security solutions only detect vulnerabilities in code without providing context on how to solve them. For this reason, leaders should invest in deepening and developing their risk and remediation strategy framework to optimize for solving future problems. Awareness of a vulnerability or potential threat is the first step. Still, effective remediation of security vulnerabilities in a prioritized fashion — and using team resources to resolve the correct issues — is what secures an organization. The end goal is to have secure, fixed code, and a focus on detection leads to a false sense of security. 


This remediation-first approach could include verifying that any new code addition or library is well maintained and taking it further by creating a process that pulls future fixes into your code. 


While some of these areas may require reprioritization of time and resources, security is of utmost importance for businesses across industries today, and making these changes helps safeguard against potentially catastrophic cyberattacks.


By empowering employees to uplevel their security practices, ensuring technical visibility, continuing to explore new technologies, and prioritizing remediation strategically, leaders can improve security for their organizations. 

KEYWORDS: cyber security information security risk management security technology security vulnerabilities training


Daniel Elkabes is the Vulnerability Research Team Leader at Mend, which is responsible for finding new vulnerabilities within open-source projects and being the security authority. 
