Lessons learned

Honestly, the moral of the story is that you can increase efficiency if you build the means to collaborate effectively, so that the information passed along is applicable to your stakeholders and can be acted on. We can do this by customizing dashboards and reports to visualize end-to-end processes that impact one another. By establishing KRIs, we can identify trends in declining process performance before the process fails.

All of the previous chapters lead up to this crazy diagram:

An IT organization is an interconnected web of complex systems that are dependent on one another to function and to be secure. As much as each entity in the team is trying to make it happen, we can improve by developing a better means of communicating the priorities that are required at different levels. 

How long will it take us to get to this point?

Once we get there, what's next?

I would consider that getting to this point would require the management of PIRs at each level, which would be based on strategic decision-making being passed down to tactical leaders, as we've discussed. We can improve this by creating an actual cyber intelligence capability within the organization to manage all of the PIRs. Is this far reaching? Yes, but I believe a few well-resourced organizations are already implementing this in some capacity.

I think it's next-level stuff, and I've seen it work in the military. I've been a part of some amazing combat operations where they utilized the information around them to develop real-time intelligence to engage our enemies effectively and efficiently. Most people think the military mindset is just to take orders. Sure, that is partly true. However, that military mindset has a purpose. That purpose is to win; that winning is a result of a uniformed force of men and women achieving an objective. Seeing the collaboration and interaction within a team of military professionals makes me want to use that same type of mentality in my workplace, all of the time.

Cyber intelligence is a move to enable that kind of thinking, and we are already getting there with the adoption of DevOps, agile, and SecDevOps. 

Cyber intelligence is something different than what we are already doing, and it will be a challenge to pull off in any organization. However, I recognize that it is an idea that may or may not work for you and your team. This book was just the beginning of a journey to try and explain the concepts.

So, in the end, I offer you this:

  • You and your adversary each have a decision-making cycle (OODA loop). Make your OODA loop smaller and faster by establishing PIRs:
    • Crush your adversaries by being one step ahead
  • Utilize what you know (threat intelligence) to disrupt their decision-making cycle by understanding their Cyber Kill Chain:
    • Create chaos (Active Defense) and make it not worth their time
  • Develop the intelligence process and PIRs throughout your organization, and enable communication channels back to key stakeholders using F3EAD:
    • Communicate better to decrease exploitation
  • Find the weaknesses in your end-to-end processes and decrease potential attack vectors by prioritizing organization projects and using F3EAD:
    • OODA loop and OPSEC
  • Create a visualization (through custom dashboards) of processes and identified risks for key stakeholders:
    • After all of the complicated metrics, people want to know if they are good, need improvement, or bad. Keep it simple.
  • Establish custom reports that take in data from your different teams to provide actionable items to fix, based on the analysis of risk to the organization:
    • Blasting stakeholders with multiple remediation reports leads to no action being taken on the important items. By filtering the information from these multiple reports through risk, we can then prioritize the items to work on.

I hope that this book was as fun for you to read as it was for me to write. I always look forward to constructive criticism of my ideas, as I can only improve on them. Thanks for reading.
