Every week, Sprocket Security CEO Casey Cammilleri interviews an expert leading the charge on empowering security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity.
He recently spoke with Brett Price, Lead Cybersecurity Consultant & vCISO at AccessIT Group. Here are the top takeaways from the interview.
#1: Build Incident Response Plans Before Buying Security Tools
“First of all, understand your assets. Understand where that critical data is, where is it sitting, what are the vulnerabilities on that asset? And focus on vulnerabilities that have public exploits, are currently being exploited in the wild, those types of things and patching those. But obviously first you need to make sure that you understand your overall exposure, so you understand where you're most exposed, and that's usually at the edge. It's usually a website with a form on it or something like that.
“One of the other things that I really want to bring up is the fact that whether you're a small company or whether you're an enterprise, large enterprise company, one of the best things that you can do is formulate an incident response plan and practice it. And there's two reasons for that.
“One is [building] a solid cybersecurity program can take a long time, especially when you are trying to work with a culture that is somewhat averse to that sort of thing. And it can take a while. So the best thing you can do is formulate, write an incident response plan, and exercise it. You need to make sure that you're building in that muscle memory because when it hits, the adrenaline starts pumping and your mind goes blank. I'm sure everybody's experienced that.
“What we talk about there is we talk about reducing the blast radius. If we have a good incident response plan, we've practiced it, then we know where our entry points are, we know where the segmentation is, we know what to shut down first or cut off first. Whether it be cutting off a port to a segment to isolate the segment. And then, make sure you have playbooks so you know how to eradicate whatever is in there, from ransomware, or info-stealing malware, or things like that.”
Actionable Takeaway: Map your critical data locations and focus on vulnerabilities with active exploits rather than theoretical risks. Although comprehensive security programs take years to develop, incident response plans deliver immediate protection. Practice your response procedures regularly because adrenaline causes minds to go blank during real attacks. Knowing which ports to shut down and how to isolate network segments reduces blast radius when breaches occur.
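The prioritization described above (patch what has a public exploit or is being exploited in the wild first, and weight edge-exposed assets that hold critical data) can be turned into a simple triage routine. This is an added illustration, not tooling from Sprocket Security or AccessIT Group; the asset inventory, the CVE identifiers and the "exploited in the wild" list are all constructed placeholders, and the weights are assumptions chosen to make active exploitation outrank raw CVSS severity. In practice the inventory would come from a scanner export and the exploited list from a feed such as CISA's Known Exploited Vulnerabilities catalog.

```python
"""Triage findings so actively exploited, edge-exposed issues are patched first.

Added example; the data and weights below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    asset: str                 # constructed asset name
    cve: str                   # placeholder CVE id (CVE-0000-xxxx is not real)
    cvss: float                # base severity, 0.0 - 10.0
    internet_facing: bool      # sits at the edge, e.g. a public website with a form
    holds_critical_data: bool  # asset where critical data lives
    public_exploit: bool       # a public exploit exists, but no confirmed in-the-wild use


# Constructed stand-in for an "exploited in the wild" feed (e.g. CISA KEV).
EXPLOITED_IN_WILD = frozenset({"CVE-0000-0001", "CVE-0000-0003"})


def priority_score(finding, exploited=EXPLOITED_IN_WILD):
    """Higher score means patch sooner. Weights are illustrative assumptions."""
    score = finding.cvss
    if finding.cve in exploited:
        score += 20.0           # confirmed exploitation dominates everything else
    elif finding.public_exploit:
        score += 10.0           # public exploit code, not yet seen in the wild
    if finding.internet_facing:
        score += 5.0            # edge exposure: reachable without a foothold
    if finding.holds_critical_data:
        score += 5.0            # impact if compromised
    return score


def prioritise(findings, exploited=EXPLOITED_IN_WILD):
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=lambda f: priority_score(f, exploited), reverse=True)


# Constructed inventory: note the highest-CVSS item is internal with no exploit.
SAMPLE_FINDINGS = [
    Finding("web-form-01", "CVE-0000-0001", 7.5, True, True, True),
    Finding("hr-db-02", "CVE-0000-0002", 9.8, False, True, False),
    Finding("intranet-wiki", "CVE-0000-0003", 6.1, False, False, True),
    Finding("dev-laptop-07", "CVE-0000-0004", 8.8, False, False, False),
]


def patch_order(findings=SAMPLE_FINDINGS):
    """Asset names in the order they should be patched."""
    return [f.asset for f in prioritise(findings)]


if __name__ == "__main__":
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"{priority_score(f):5.1f}  {f.asset:15s} {f.cve}")
```

Running the module ranks the edge-facing web form (exploited in the wild, critical data) first and the internal intranet wiki (exploited in the wild, low CVSS) second, ahead of the CVSS 9.8 database that has no known exploit; that inversion of "highest CVSS first" is the point of the takeaway.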
#2: Get Executives in On the Incident Response Drills
“I think there's two methods that we use anyway. There is an executive-level method, which I think is really good, where you get all of the leaders in the room and you run through a ransomware attack.
“So you'll have a company set up a scenario for you and they'll build out the entire scenario and you don't really know what the scenario is. And then we all sit down in a room and we talk it through from a leadership perspective, because the consequences for some breaches in some organizations are vast and they require and they're going to affect CEO, CFO, CIO, Chief, legal, all those people. So that's one method.
“The other method is more of a technical method where you really get the technologists or the threat hunters or the threat intel teams actually going through the motions. And that's where they build up that muscle memory with all different kinds of scenarios, depending on their organization, usually sure, they should have a SIEM and they should understand their entry points and that sort of thing and how they go about finding and isolating and containing and eradicating the threat.”
Actionable Takeaway: Executive tabletop exercises prepare leadership for business consequences and decision-making during major breaches affecting CEO, CFO, and legal teams. Technical drills build operational muscle memory for threat hunters using SIEM tools and containment procedures. Both methods are essential because breaches impact different organizational levels in distinct ways, requiring separate preparation approaches for effective response coordination.
#3: Connect Security Practices to Employees' Personal Lives
“The culture starts like with any relationship. You have to build trust and credibility up front and then take it slow, don't try to push things down people's throats, help them understand why what they're doing and what we're asking of them is important.
“A lot of times you can relate it to their personal lives, and I think that's where it hits home too is if they understand how it could potentially impact their personal lives. You tell them, have a 12-character password, username, because that's policy. But then they go and they use it somewhere else and that company gets breached and they have their data.
“Now it's not only them or the company that's affected, but it could be their personal lives that are affected because they used that same username and password or used the same email password or whatever.”
Actionable Takeaway: Security culture grows through trust-building and personal relevance, not policy enforcement. Help employees understand how work security practices protect their personal data when they reuse passwords across multiple accounts. Companies that get breached expose both corporate and personal information. Taking time to explain why security matters prevents resistance and creates lasting behavioral change throughout your organization.