A term called “Data-Driven Defense Evangelist” thrown during the meeting, I have googled it and what I can gather is that are computer systems inefficient in security defenses that most companies assume that they can easily be breached in turn get or setup “A data-driven computer security defense” that will assist right threats and defenses (in other words, weak computer setup replaced by string secure computer system). But I didn’t see anything about the evangelist part.
May I know what is the role for Data-Driven Defense Evangelist’ and what computers or tools falls under this description?
Coined as a role to go towards more quantifiable risk-base defence in which each defender should constantly ask themselves
- “Are we focusing on the right threats?”
- “Are we deploying the most effective mitigations?” and
- “Do we need to change anything?”
One example holding this role is Roger A. Grimes; Data-Driven Defense Evangelist, KnowBe4, Inc.
Much of the decision making for defence has been control or even solely compliance driven. So to better strategy is to invest in key defence that can mitigate the key impactful risk caused by targeted threat actors. Attacker just need one compromised one weakness to penetrate in while defender had to cover all grounds.
The use of MITRE ATT@CK has serves well in articulating the kill chain and with those telemetries collected in each stage of tactics, defender can shift left for more proactive preventive measures to reduce atfack surface and shift right for robust response taking on assumed breach mindset.
Check the following webinar by Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, who will teach how you can close your organization’s most critical third-party security gaps by taking a data-driven approach to identifying, understanding, and acting on risk.