Episode 80: The Man Who Protects Our Secrets: Bob Bigman on Mitigating Enterprise Risks
OODAcast - A podcast by Matt Devost & Bob Gourley
Bob Bigman spent a career in the intelligence community. He was the CISO of the CIA, where he was tasked with leading efforts to protect the nation's most sensitive secrets. He remains a practitioner. Since 2012 he has provided direct consulting services to CISOs, CIOs, CTOs and CEOs seeking to reduce risk and improve security programs. Through it all he has built a reputation for rapidly assessing the state of enterprise security programs and then working to build action plans to drive continuous improvement.

This OODAcast examines aspects of Bigman's approach to security that can inform your own approach. We also solicit his views on compliance and security checklists, metrics, and the state of the IT industry (he does not hold back on any of those!).

Some other topics we covered include:
- His journey from history major to cybersecurity practitioner
- His views on why some organizations are better at mitigating risks than others
- The importance of senior leadership in mitigating cyber risks
- The role of the red team in cybersecurity
- Advice for businesses that cannot afford a CISO
- The state of cybersecurity in local and state governments
- Why there are 1000s of cybersecurity technologies on the market today and what that says about the state of the IT industry
- The virtues of the MITRE ATT&CK approach
- Views on the future of cybersecurity

Related Reading:

Black Swans and Gray Rhinos
Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking
The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real-world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise
OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along its journey to optimized intelligence. See: Corporate Sensemaking

Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage
This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking

COVID-19 Sensemaking: What is next for business and governments
From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.

Space Sensemaking: What does your business need to know now
A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking

Quantum Computing Sensemaking
OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.

The OODAcast Video and Podcast Series
In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision-making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, and quantum computing, along with discussions on global risk and opportunity issues. See: The OODAcast