Former CISO, State of California
The thing that really, really piqued my interest in what Lucidum’s doing is, as I’ve talked to before, there are a couple key things you have to have: visibility, as well as context. And both of those are notoriously difficult to pin down.
From the visibility standpoint, you’re talking to multiple technologies all over the place, different protocols, you name it. And then once you gain that visibility, what goes into it? Who’s accessing it? Why are they accessing it? What’s the context behind it? And it’s another really critical thing to get and you can’t take action, or actually let me backtrack that, you can take action without visibility and context, but you probably won’t get very far as a CISO, because you’re going to get fired.
So really, the visibility and context pieces are removing the gray unknowns out of what’s within your environment and understanding the risk across the board. If you have those two key components, you can identify what a prioritized list of actions can be.
I have visibility to all my critical assets.
I have the context of who’s doing what there, and why, and I know that if something goes awry, that I should take action.
And you’re able to do so. Lucidum is interesting because it allows for that. It allows for visibility, as well as the context piece, which is absolute gold.