Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsCybersecurityManagementCyber Tactics ColumnSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business Resilience

Cyber Tactics

Cybersecurity’s top 3 opportunities for 2023

With the year ahead looming, security leaders can focus on three challenges to manage and make their organizations more resilient and secure.

By John McClurg
Woman on beach

Marco VDM / E+ via Getty Images

cyber tactics
Woman on beach
cyber tactics
December 19, 2022

“God grant me the serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference.”

The saying is printed on coffee mugs, T-shirts, and signs at craft stores. The likes of Yale University, the New York Times, and media around the world have explored its history and impact. It is a very concise piece of prose with which you may be familiar.

Many know this as “The Serenity Prayer.” We in the cybersecurity profession have long appreciated that serenity is not exactly joined at the hip with what commands our attention on a daily basis. In fact, those of us who have accepted responsibility for the security of others typically adopt a state of constant vigilance, which hardly sounds like a good recipe for achieving serenity. However, when I look ahead to the cybersecurity landscape for 2023, a useful business parallel to this classic saying emerges in my mind:

We must accept that threat actors will throw some surprises our way in the year ahead. However, we can change our security posture for the better by focusing on certain priorities in 2023. And it takes the wisdom of intelligent leaders and skilled teams to carry this out successfully.

With that said, instead of making a list of random cybersecurity predictions for 2023, I want to focus on three challenges we can manage to make our organizations more resilient and secure in the coming year ahead.


1. Prepare for Executive Order Security Attestations

Are you ready to attest to the U.S. government that your software is developed securely? Around the middle of 2023, federal agencies will require attestation that organizations follow a Secure Software Development Framework (SSDF) to create software they license or sell to any agency.

The White House Executive Order (EO) 14028 requires this change for doing business with the government — and many highly regulated vertical industries are moving in this direction as well.

The SSDF is a set of secure software development practices designed to decrease the number of vulnerabilities in software releases, mitigate the impact when threat actors exploit unaddressed vulnerabilities, and help address root causes of vulnerabilities to limit future recurrences.

The National Institute of Standards and Technology (NIST) says several verification methods will be used based on the criticality of the software. These include:

  • Self-attestation
  • Requisite certifications
  • Site visits
  • Third-party assessments

Be prepared to share artifacts to prove your case because government agencies are being empowered to ask for them.

EO 14028 also allows agencies to require a Software Bill of Materials (SBOM). My colleague Christine Gadsby — who is Vice President of Product Security at BlackBerry — spends a great deal of time working in this area.

“We know the industry is feeling pressure to understand their true attack surface in their supply chain,” Gadsby says. “And I believe most companies find components in their supply chain they didn’t know existed.”

Preparing for attestation and SBOMs should be a key focus for many in 2023, and doing this exercise will increase our collective cybersecurity posture one organization at a time. Luckily, new tools are available to speed up the process of analyzing source code to find potential vulnerabilities.


2. Anticipate and Prevent Supply Chain Attacks

Creating a more cyber-secure software supply chain is part of the fallout from the 2021 SolarWinds attack. From this and other incidents, the security world was reminded that attacking a supplier can grant attackers access to multiple organizations or agencies at once.

We saw more of these supply chain attacks in 2022 and should also be preparing for this possibility in 2023. Are you relying on a single vendor to provide both business operations and cybersecurity software solutions? If so, do you have a business continuity plan for when that platform is compromised and you must suspend its use?


3. Convergence of Physical and Cybersecurity

Physical security and cybersecurity are converging. We can take advantage of this by breaking down siloes between the two sides.

For example, a physical security access program’s supporting infrastructure now sits on the network. Having monitors that reflect the status of that system sitting next to ones being monitored by your cybersecurity operations team is highly valuable. This allows for opportunities to cross-train and leverage headcount that might otherwise have to be duplicated.  

And the exponential growth of Internet of things (IoT) devices attached to corporate networks should be a key focus of any convergence discussion. IDC recently highlighted 19 industry verticals that have multiple use cases for IoT devices, and, in many settings, these devices sit well outside a secured perimeter.

I started this column on what you might call “a wing and a prayer,” and now I’ll end it with a quote from corporate management guru Peter Drucker. One of his most insightful quotes stands out to me as very applicable for the year ahead.

“A time of turbulence is a dangerous time, but its greatest danger is a temptation to deny reality.”

We can no longer afford to deny the reality — in fact, the enormity — of cyber risk that faces all organizations, regardless of size. However, we can do something about this risk and reduce it to a level that improves security while aligning with our organizations’ unique risk appetite.

And despite the constant worry and watchfulness that “comes with the territory” in this security business, I believe that when our people, processes and technologies are all in alignment with each other and our corporate objectives, we can take a certain amount of serenity from knowing that we are as prepared for the unexpected as we can be.

KEYWORDS: cyber security information security risk management security vulnerabilities threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John mcclurg

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber tactics

    2023: The year for contextual cyber threat intelligence

    See More
  • cyber security

    Reflections on 35 years in the trenches

    See More
  • Cyber

    Have we declared “open season” on CISOs?

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • 150 things.jpg

    The Handbook for School Safety and Security

  • Photonic-Sensing.gif

    Photonic Sensing: Principles and Applications for Safety and Security Monitoring

See More Products
×
Marco VDM / E+ via Getty Images

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!