Storytelling in business is not a new concept and can take many forms. From real life customer case studies that highlight challenges, solutions, and benefits, to a business fable such as, The 5 Dysfunctions of a Team, focused on business management and leadership, or The Phoenix Project, A Novel About IT, DevOps, and Helping Your Business Win, which provides IT teams with a frighteningly accurate depiction of their day-to-day trials and tribulations. The Phoenix Project was the inspiration for the fictional business story that we are publishing today – CISO Chronicles: The Gathering Storm.
The CISO Chronicles: The Gathering Storm, centers on a fictional engineering firm with 4,000 employees and the Chief Information Security Officer, Tom. We first meet Tom in Episode 1, A Crisis of Identity, as his organization has been infected by the SadG0at ransomware. The attack starts – as with so many headline grabbing incidents – with a compromised identity and follows Tom as he navigates getting his organization back on-line as quickly as possible.
CISO Chronicles was inspired by the Identity Defined Security Alliance Beyond Best Practices Technical Working Group, led by Paul Lanzi, and team members Aubrey Turner, Steven Bahia, Christopher Hills, Morey Haber, Jerry Chapman and Dan Dagnall. The concepts developed by the TWG were turned into a story by Brian Prince, freelance writer, former journalist, and content marketer focused on cybersecurity for more than 15 years.
The IDSA Beyond Best Practices Technical Working Group is focused on providing interesting, thought provoking, and yet practical, content and perspectives on the storm that has been gathering over the last 20 years. While it may have started slowly, the explosion, in numbers and types, of identities that organizations must manage and protect, and the security implications when an identity falls into the wrong hands has picked up speed in the last several years.
As we fulfill our mission to educate on the importance of securing digital identities and provide best practices and frameworks that help reduce the risk of an identity-related attack, we hope this fictional story that has been “ripped from the headlines” will resonate with security leaders and will inspire you take an identity-first approach to security.
Stay tuned for episode 2 coming this summer. A month later, the team has recovered, but the illusion of normalcy is quickly shattered as Betsy Randall enters the picture.