Get Plugged In

Adapt Faster - Week 8

Read time: 5 minutes

Welcome back my fast adapting friends.

It’s week 8 - 8 is our favorite number for reasons I might disclose in the near future.

Here’s what’s going on this week:
  • Adapt Faster: Get Plugged In

  • Transform Smarter: How to calculate the ROI of Cybersecurity

  • Prompt Smarter: 11 yr. old hack

  • Around the Angle: Verizon DBIR + OpenAI’s Cyber commitment

↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓

Get plugged in.

We get stuck in the routines we’ve created, either consciously or subconsciously. It makes it difficult to find time to upskill and learn something new with intention and focus.

It’s one of those things that’s easy to talk about in the digital town square yet seemingly very few people eat their own words.

I could tell you all about 5 strategies to maximize your focus or 4 reasons you’re not leveling up, but none of that will matter if you don’t take control of your priorities for yourself.

It’s real simple. If you’re able to, block out a couple of hours per week and consider signing up for an affordable training, an online course, or pick up a book geared towards something you’re most interested in learning about.

Then commit to it and take your time. The only thing you’ll accomplish by rushing through a training, course, or book is a waste of valuable time. It doesn’t count if you don’t remember and are unable to apply what you’ve learned.

Get plugged in,

to SELECT sources of knowledge that will help you level up the fastest.

I’ve read only 2 books this year, INTENSELY; starting my 3rd:
  1. Grow Your Business Like a Weed, by Stu Heinecke - strategy & tactics in my business growth

  2. Cyber Defense Matrix, by Sounil Yu - using this in my cyber program

  3. Start-Up Secure, by Chris Castaldo - on deck

I’ve been gun-shy of online courses, but here are two low-cost, high-value courses I don’t regret in the slightest.
  1. Justin Welsh’s LinkedIn OS Course (Marketing) - you may have noticed my LinkedIn game lately : )

  2. Josh Braun’s Badass B2B Growth Guide (Sales) - love his outlook on detachment, the opposite of attachment; it’s what creates sales people you tend to despise.

Adapt faster.

↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓

Transform Smarter

DISCLAIMER: I’m a vendor agnostic, humanly biased Cybersecurity Advisor by trade. If you’d like to support me, visit catchadvisors.com and talk to me face-to-face.

Calculating the ROI for cybersecurity is one of those things that very few people know how to do well.

That’s because there are too many variables, too much mystique, and it’s too complex for most of us to compute. Larger organizations have attempted the challenge, but they end up skewing the results of the ROI as a marketing play to get you to buy their solution.

Is there not a vendor agnostic ROI calculation for cybersecurity?

One that tailors to a multitude of solutions vs. one?

This possibly exists somewhere behind closed doors and locked files, or I simply haven’t found the best answer yet (if you know a guy/gal, hook me up).

Until then, this will have to do. Take a look.

To properly calculate this, we’re going to need 4 numbers. I previously posted 2 of the 4 this past week on LinkedIn and planned to post the other 2, but got delayed (clients come before this newsletter).

  1. Annualized rate of occurrence (how many cyber attacks do you anticipate per year, can’t be zero).

  2. Expected monetary loss for a single event

  3. Cost of control (cyber security spend)

  4. Reduction in probability of risk of occurrence with the implemented control (this one is the trickiest).

For obvious reasons, the best numbers to use are your numbers. But in the absence of your numbers, the 2nd best numbers to use are our numbers (collective).

We’re going to focus on the mid-market segment, $50M to $2B for this example. It’s about to get real, hang with me.

$100M Company’s Cyber ROI

The average IT budget in mid-market is about 4% of revenue.

On average 10% of the IT budget is spent on cyber.

So a $100M organization might look like this.

IT Budget: $4M

Cyber Budget: $400K

Annualized Rate of Occurrence: 72% (mean of 76% likelihood & 68% actually attacked in 2022)

Expected Monetary Loss: $3.16M ($225,500 × 14 days)

Reduction in Probability: 40% (highly subjective generosity)

There you have it. A not-so-simple, vendor-agnostic Cyber ROI proving what we already knew: investing in cyber is a good idea. This also serves as some semblance of proof that the avg. numbers we gathered on the web are backed by some form of reality. I’m sure you can find many ways to poke holes in this. It’s far from perfect, but it’s still a great addition to have in your cyber program and as a part of executive sponsorship.
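The four numbers above, carried through as an added worked example (not the author's own calculation, which the page does not show). It assumes the commonly used return-on-security-investment formula, (annualized loss × risk reduction − cost of control) / cost of control, and treats the 72% as 0.72 events per year; the class and function names are illustrative.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class CyberRoiInputs:
    aro: float             # 1. annualized rate of occurrence (must be > 0)
    sle: float             # 2. expected monetary loss for a single event ($)
    control_cost: float    # 3. cost of control, i.e. cyber security spend ($)
    risk_reduction: float  # 4. reduction in probability from the control (0..1)

    def __post_init__(self):
        if self.aro <= 0 or self.sle <= 0 or self.control_cost <= 0:
            raise ValueError("aro, sle and control_cost must be positive")
        if not 0 <= self.risk_reduction <= 1:
            raise ValueError("risk_reduction must be between 0 and 1")


def annualized_loss(i):
    """Annualized loss expectancy: expected loss per year without the control."""
    return i.aro * i.sle


def rosi(i):
    """(loss avoided - cost of control) / cost of control, as a fraction."""
    return (annualized_loss(i) * i.risk_reduction - i.control_cost) / i.control_cost


def break_even_reduction(i):
    """Smallest risk reduction at which the control pays for itself."""
    return i.control_cost / annualized_loss(i)


def sensitivity(i, reductions):
    """ROSI recomputed across a range of guesses for the subjective 4th number."""
    return [(r, rosi(replace(i, risk_reduction=r))) for r in reductions]


def mid_market_example(revenue=100_000_000):
    """The newsletter's $100M company: IT = 4% of revenue, cyber = 10% of IT."""
    cyber_budget = revenue * 0.04 * 0.10
    return CyberRoiInputs(aro=0.72, sle=225_500 * 14,
                          control_cost=cyber_budget, risk_reduction=0.40)


if __name__ == "__main__":
    case = mid_market_example()
    print(f"ALE ${annualized_loss(case):,.0f}  ROSI {rosi(case):.1%}  "
          f"break-even reduction {break_even_reduction(case):.1%}")
    for r, value in sensitivity(case, [0.10, 0.20, 0.40, 0.60]):
        print(f"  reduction {r:.0%} -> ROSI {value:+.1%}")
```

Under these assumptions the spend returns roughly 127%, and it stays positive as long as the control cuts the probability of loss by more than about 17.6%, which is the figure to stress-test when the fourth number is a guess.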

p.s. I can help you do this for your unique organization, visit catchcyber.com and take the 5 min assessment.

↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓

Prompt Smarter

Here’s a new prompt I tried this week:

Explain [TOPIC] to me like I’m 11 years old.

Seems too easy, right? Well, it’s a great hack to learn anything you can think of in hyper speed. Give it a go.

Around the Angle

3 Key Takeaways
  1. Data breaches surged due to ransomware attacks with data exfiltration.

  2. Privilege abuse is a key security risk.

  3. Phishing, ransomware, and web app attacks are on the rise again.

OpenAI is throwing a cool million into a new Cybersecurity Grant Program. The goal? Supercharge AI-driven security and spark deep convos on how AI and cybersecurity play together.

Always Adapting

Thanks for reading! When you signed up for this newsletter I promised to help you adapt faster, transform smarter, and keep up with the hype cycle in AI and Cyber. What did you think of today's newsletter? Reply to this email and let me know what you'd like to see more of.

Thanks for reading.

See you next week,

p.s. if you want to sign up for the Adapt Faster newsletter or share it with a friend, you can find us here
