I predict that Cyber-Impact-Mgmt will become a very lucrative specialization for IT infrastructure architects in the next couple of years.

@rysiek @seb

We've got those on our team... May have to rename their title.

@rysiek (Re-)Architecting IT infrastructures in a way that allows you to respond/contain incidents with a measured deactivation/isolation of systems.

@rysiek Without having to shutdown the Internet for the whole location/data center every time you have an active adversary on the network.

@seb that totally sounds like a fun role, if there is enough buy-in from management and the rest of devops/sysops

@rysiek Yep, similar to a purple team member but more on the infrastructure architect side.

@rysiek buy-in from Management comes with the second cyber induced large scale outage at the latest ;-)

@seb can you pls define what you mean by Cyber-Impact-Mgmt ?

@duncanhart I think it is a combination of network (micro-)segmentation, privilege access management, infrastructure high availability, vuln mgmt, patch mgmt.

All of these disciplines applied to specific application stacks or services that organization cannot effort downtime for.

@duncanhart From a management objective perspective you are trying to break apart a risk domain. That is when a specific business unit has more or less risk appetite than the rest of the org.

@duncanhart You are taking care of the risk introduced by John Wayne from the Marketing team.

Sign in to participate in the conversation

InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

We have a Getting Started Guide here: