Leadership, Operations, Security, Strategy Franklin Donahoe Leadership, Operations, Security, Strategy Franklin Donahoe

Bridging the Divide

This article discusses the challenges CISOs face in communicating cybersecurity risks effectively to various audiences, including the board, senior management, and technical teams. It highlights the limitations of traditional cybersecurity metrics and advocates for outcome-driven metrics tailored to each audience's needs. The article also explores communication strategies, such as translating technical concepts into business impact and utilizing frameworks like cascading communication, to enhance transparency, build trust, and foster cybersecurity accountability within an organization.

Read More
Architecture, Strategy, Technology Franklin Donahoe Architecture, Strategy, Technology Franklin Donahoe

A Library of Architectural Frameworks for IT and Cybersecurity Professionals

This document provides a comprehensive overview of key architectural frameworks for IT and Cybersecurity professionals. It covers Enterprise Architecture (EA) frameworks like TOGAF and the Zachman Framework, which focus on holistic enterprise design and management. It also details Cybersecurity frameworks and models including SABSA, the NIST Cybersecurity Framework (CSF), and Zero Trust Architecture (ZTA), offering guidance on managing cyber risk and designing secure systems.

Each framework is analyzed regarding its description, uses, pros and cons, practical application examples, and links to associated governing bodies and official guidance resources. The document aims to serve as a reference library for understanding these frameworks and their applications in improving business efficiency and establishing resilient security postures.

Read More
Strategy, Architecture, Security, Technology, Operations Franklin Donahoe Strategy, Architecture, Security, Technology, Operations Franklin Donahoe

Securing the Cloud with Cloud Native Application Protection Platforms (CNAPPs)

This article provides an overview of Cloud Native Application Protection Platforms (CNAPPs). It defines CNAPPs, outlines their core functionalities (including CSPM, CWPP, CIEM, DSPM, KSPM, CDR, IaC Security, API Security, and Artifact Scanning), and discusses their role in multi-cloud environments. The document also compares native CNAPP solutions from major cloud providers (AWS, Azure, GCP), addresses the architectural challenges of implementing CNAPPs, and explores the advantages and disadvantages of adopting this security strategy. It concludes with recommendations for organizations considering CNAPP adoption.

Read More
Security, Strategy, Operations, Technology, Architecture, Leadership Franklin Donahoe Security, Strategy, Operations, Technology, Architecture, Leadership Franklin Donahoe

Navigating the Nexus: Aligning IT, Security, and Business for Transformational Success

This article discusses the importance of aligning IT, security, and business functions for successful organizational transformation. It covers various aspects of transformation, including digital, cloud, business, and operating model evolutions. It also explores best practices for strategy development and execution, diverse perspectives on transformation goals, established frameworks and methodologies, common pitfalls, and the impact of organizational structure and communication strategies. It provides guidance to senior executives and leaders in navigating the complexities of integrated transformation and fostering a collaborative environment for sustained success.

Read More