So, this last #COSAC2023 post covers a hodgepodge of topics. It demonstrates the diversity and broad range of mind-blowing and relevant topics covered by #COSAC2023. This should encourage people from all backgrounds, including younger cybersecurity pros, to attend #Cosac2024. I added some commentary to some of the journal entries.
I figured it would be best to consolidate into a single super #COSAC2023 posting. I know that the suspense of waiting for the remainder of my journal entries was figuratively killing many #COSAC2023 fans. I think that the earth’s rotation speed slowed down too in anticipation of this final posting.
Here it is…
1) The attributes of telling a good story. Can you tell a good story to get people emotionally engaged and committed to your cause (e.g., using the SABSA methodology, getting an extraordinary performance review, a speech at your best friend’s wedding, bedtime or campouts with your kids, or cyber strategy)?

2) Synthetic media (i.e., deepfakes). Don’t count on detection to save the day. Is your public relations and/or threat intel team aware of this issue, and have they updated their runbooks to account for it? Have you educated your family?

3) Pattern use decision tree. Critical for architecture to be scalable and self-service oriented.

4) Todd Fitzgerald’s (see https://www.routledge.com/CISO-COMPASS-Navigating-Cybersecurity-Leadership-Challenges-with-Insights/Fitzgerald/p/book/9780367486020#) approach to applying the McKinsey 7-S framework (https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/enduring-ideas-the-7-s-framework) to cybersecurity. I need to figure out how to apply it.

5) “Jenkins CSA Maturity Journey” map. Very creative way to visualize and organize your CSA story.

