Member Priorities

Experiential Development & Cyber Exercises

Model Programs to Develop Talent and Improve Performance

Special Focus: Women in Security 

Hypothesis 1: Organizations using cyber ranges for individual development and exercises will gain an advantage recruiting, training, and retaining cyber talent, and support diversity and inclusion goals.

Hypothesis 2: Ongoing, offline access to cyber ranges will become a fundamental tool over the next 5 years to continually improve security team capacity and performance.

3rd Party Security Risk Management

Emerging Practice and Innovative Partnerships

Hypothesis 1: New threats, together with dependence on vendors that manage sensitive data and on vendor software that runs our networks and systems with elevated privileges, require fundamental changes in 3rd party risk programs, including risk frameworks, contractual terms, automation, and industry collaboration.

Managing to New Privacy and Security Standards

The Impact of Regulation and Cyber Insurance

Hypothesis 1: Cyber insurance has become a standard for corporate risk management strategies, and CISOs must play a central role in shaping those relationships and take actions to reduce premiums. 

Hypothesis 2: Faced with escalating and varying regulatory requirements, organizations will develop standards in practice in response to the most stringent regulations they are required to meet.

Collaborative Defense in the Cloud

Joint Strategies for Security Innovation & Incident Management

Hypothesis 1: Leading organizations will work with Cloud providers to map the next frontier of Cloud innovations in security and identity management and fundamentally reengineer their systems.

Hypothesis 2: Improving security in the Cloud requires a new level of coordination and collaborative incident preparation and planning between customers and providers, including joint exercises.

Red Teams for Continuous Assessment

2020 Research Topic Revisited

Focus Topic: See who has explored or implemented Red Teams, where they have been most successful, and how they have scoped the activity.

Asset Management

Emerging Practice and Innovative Partnerships

Focus Topic: Strong asset management is difficult to perfect, but it is an essential building block of a security program. Challenges range from asset discovery to lifecycle management. Acquisitions and mergers add to the scope. To protect an enterprise, it's best to know how far and wide it stretches, and what remains connected even after you thought it was unplugged.

Vulnerability Management

Emerging Practice and Innovative Partnerships

Focus Topic: Another important building block for a security program. Prioritization and timely patching require a thoughtful program that responds to the needs of your individual organization. The topic includes responding to the current supply chain attacks.

Threat Intelligence

Building and Running an Effective Threat Intel Program

Focus Topics:

  1. Building a Program: justifying the need, attracting the right talent, building networks, establishing budget support
  2. Getting the Most from External Sources: commercial feeds, ISACs & ISAOs, open source
  3. Effective Vendor Management: what to outsource, how to structure, how to manage, how to get the most from your providers