Every time a major breach strikes, people are outraged by the negligence and carelessness of the company responsible. “How could they possibly allow such incompetence? The CISO and CEO must be fired!” They’re not wrong: The cybersecurity situation in many companies is outrageous. But it’s also important to understand the full scope of the challenge.
Many people use analogies to cars and houses when discussing security but, in reality, the security of a modern organization is akin to securing an entire city. You’ll need the equivalent of a police force, private security, SWAT team, managers, architects, locks, gates, cameras, sensors, rules and regulations, inspectors, assessments — and much more. This city is built out of hundreds of millions of lines of code across thousands of applications, with tens of thousands of software components, all connected through a complex morass of