We spent the past year surveying senior leaders, analysts, and experts, identifying trends and successes that are defining a new generation of cybersecurity visionaries within the SLED community.
During this research, it was clear that the characteristic that defines the most successful security programs is the evolution and continuing efforts of a forward-thinking security or IT leader. The challenges these women and men regularly navigate involve a volume of end users that outstrips any private corporation, no matter how large. They’re bound by law, not by profit, and often hampered by time-constrained spending and election cycles.
It was also clear that these decision-makers weren’t feeling heard in discussions of strategies and trends within their own organizations. They felt like an afterthought in security industry reporting and weren’t recognized for their needs. In response to this gap, we created the2022 Cybersecurity Priorities Report (CPR), to highlight SLED advancements, challenges, and leaders, and to circulate their advice and strategies.
Download the report to learn how successful SLED leaders have recognized and addressed these key topics:
Emphasis on Zero Trust Architecture
SLED leaders have recognized that zero trust is a core element of supporting remote workforces while addressing the increased virality of cyberattacks and the risk of public exposure. Learn how other SLED organizations have designed, justified, and delivered on zero trust strategies, and what benefits they’ve seen.
Cybersecurity Collaboration Is Evolving
SLED organizations have a rare willingness to share information and collaborate with their peers. While information sharing organizations exist, our research shows they don’t provide enough of the information that SLED security leaders need, and often focus on threat intelligence and detection, not delivering actionable information and recommendations that are of the most benefit. The recent influx ofavailable fundingfrom the federal government is leading to the development of broader initiatives and partnerships that will drive better collaboration, while tighter relationships among SLED leaders are increasing the frequency and value of such cooperation. Learn what this may mean for your own approach to working together, and how these resources can bolster your organization’s security posture and capabilities.
Application Security in the Public Sector
Improving application security is unlike other security or IT efforts because it involves more than just applying new technical controls, training users, or detecting and blocking visible attacks. It requires new thought processes from organizational leaders who are accustomed to acquiring or developing applications to solve immediate problems. TheSLED CPRexamines the causes and impacts of the current struggles with application security, giving recommendations and specific SLED examples of innovations in all phases of application acquisition, from vendor requirements, to contract terms, to testing and application certification.
Cyber Resilience Early Warning System (CREWS)
Learn about CREWS, the latest structured approach to information sharing, particularly focused on threat intelligence and defensive recommendations. CREWS is short for Cyber Resilience Early Warning System. More than a reactive tool for threat hunters searching out IOCs, CREWS is built to deliver both the identifiable characteristics of an active threat and specific recommendations for how to avoid falling victim to that new threat in the first place.
Threats and Actors
Our research shows that specific threat actors and attack types are appearing with more frequency in the SLED community. Successful teams focus on the threat vectors exercised by these attackers to identify gaps and areas suited to practical risk mitigation, regardless of the source and motivation of the attack. Learn how we identify and examine bad actors, how to leverage known threats, and how to plan for the next emerging bad actors.