The Art and Science of Building a Simplified Digital Security Program
Over my 35-year career in the IT industry, it has become evident that few organizations maintain a formalized digital security program.
A subject such as this should not be done off the side of someone’s desk. This shortfall can often be attributed to the overwhelming number of tasks needed to achieve corporate goals and objectives. Given that almost all organizational activities today require digital engagement, it’s no wonder we frequently see cyber incidents making headlines.
CyberDynamX draws on real-world experiences and observations of how many organizations handle their digital security with a handful of overworked individuals. Within its pages, you will find a streamlined yet effective guide to formalizing a digital security program. However, the initial formalization is just the beginning. It must be followed by vigorous implementation and integration into the daily operations. From my work with various organizations, I’ve observed that successfully formalizing a program lays the groundwork for embedding digital security into the organizational culture.
Here’s a glimpse of what’s inside:
Section 1 – RISK: Discusses the intricacies of risk management, including risk appetite and tolerance, treatment, and the importance of maintaining a risk register and fostering a risk-aware culture.
Section 2 – CLASS: Introduces a unique approach to classifying data assets, essential for risk identification, security architecture, and developing control documents. This section also explores structured and unstructured data and the concept of a record.
Section 3 – DESIGN: Explores IT Governance and Security Architecture, detailing how IT security fits into the organizational structure, governance authority, and using a reference architecture to guide secure implementations.
Section 4 – CONTROLS: Breaks down the elements of a robust digital security policy, including policies, standards, procedures, guidance, and baselines. This section also offers comprehensive details on supporting components required to ensure policy effectiveness.
Section 5 – IMPLEMENTATION: Outlines key components for bringing a digital security program to life, including forming advisory groups and navigating the approval process. It also stresses resilience over searching for a “silver bullet” solution (which doesn’t exist).
By the end of this book, you’ll have a clear understanding of how to formalize your digital security program using the CyberDynamX method. Materials have been developed that support the ideas in the book, which are also available to kick start your program.
Purchase my book at your favourite book store
I'm a practical person, and I don't like to fall into excessive praising, but I chose my words lightly when I say you were very inspiring.
Sr. Consultant/Manager
KPMG
Curtis is a strategic 21st Century thinker and doer and he has a vision that captures the imagination. Curtis is a highly regarded leader in the security community.
CSO / Canadian Security Director of the Year
TELUS
I've never worked with a person with more integrity.
Information Security Analyst
AIMCo
Curtis is the definition of professionalism. He is one of the most knowledgeable professionals it is my pleasure to know in the areas of Security and Compliance.
He is a visionary…
CTO
ATB Financial
Curtis is a leader, humble, creative, and has a tremendous amount of integrity.
Team Manager
Alberta Blue Cross
He always demonstrates professionalism in every facet of business and has a proven record of success as a leader…
Director, National Solutions Delivery
TELUS
Curtis is a pragmatic strategist who emphasizes risk reduction and digital resilience by implementing effective controls in key areas to thwart one's adversaries.
Field CTO Cybersecurity
Cisco Canada
I still have the materials and lessons learned from the leadership program you did for us!
Manager Server Infrastructure & Operations
Alberta Blue Cross
If you’re looking for someone with that rare combination of character, vision and leadership, who can still roll up their sleeves to get things done, meet Curtis Blais.
President
SC Canada Services Inc.
Curtis’ leadership and guidance in advancing cybersecurity programs within Canada’s higher education sector highlight his deep expertise in risk management and his commitment to high standards.
Chief Information Security Officer
British Columbia Institute of Technology
I have been consistently impressed by Curtis' professional competency and solid knowledge in the IT security, compliance and governance disciplines.
Sr. Manager
Alberta Blue Cross
I believe the book is well positioned to be a thought-leader and practical guide for organizations looking to establish a solid security posture. I love how the book transcends the commercial and not-for-profit sectors, and is applicable to companies in Canada, the US, and internationally. Highly recommended and worth every penny!
CISO
MRNET
Your work has been sooo helpful!
Director, Information Technology
Olds College
I’ve had the privilege of working with Curtis on some really cool things this past year. He’s a trusted source, whip smart, super humble, and an all-around great guy. If you’re employed in any cyber security role regardless if you’re just starting out or have a few battle scars, his book is probably something you want to add to your library.
Director, Cybersecurity & CISO
MacEwan University
…you speak with humility, something that makes you very approachable, especially to people who may not have the confidence of those more established in the field. Cybersecurity needs more people like you.
Chief Information Security Officer
University of Northern BC
I wish that I’d had this book when I was starting out in cyber security. It would have saved me from making many common and uncommon mistakes, leaving me free to find new and creative mistakes of my own to make.
Chief Information Security Officer
University of Northern BC
Curtis has proven to be a strong and highly knowledgeable professional who has served our organization very well…
CIO
Alberta Blue Cross
Curtis is one of the most creative mind I know, and taught me to think outside of the box…
Senior Security Consultant
TELUS
Much of your work regarding IT Security Governance has remained as the foundation for effective operations. And it provided an excellent foundation that we could expand upon. Your great work, and its cumulative impacts, set us up for future success in a lot of regards. Also, our Enterprise Architect is a big fan.
Director of Information, Risk & Compliance
NorQuest College