
Strategic Plan for Leading the Cybersecurity Team

Name: William Mwaisoloka

Date: 24th Oct 2023

As the new team leader for cybersecurity, my goal is to transform our department into an
industry-leading team that proactively protects our organization against emerging
threats. With the rapid evolution of the threat landscape, it is crucial that we stay ahead of the
curve to secure our systems, data, and users. My vision encompasses both elevating
our technical capabilities and fostering a collaborative and communicative culture.

Job Goals

Short Term Goals (Q1)

• Audit all systems to create a prioritized patch management schedule based on criticality.
• Segment networks and create isolated VLANs to facilitate rolling patch
deployments.
• Acquire any missing patches/upgrades for legacy OSes from vendors or custom
development.
• Deploy patches in stages with testing between rollouts to minimize disruptions.
• Implement monitoring to verify patch installations and system statuses.
• Create monthly patch management reviews to address outstanding issues.
• Develop video training modules covering phishing, passwords, social
engineering, physical security, and data protection.
• Make training mandatory for all employees with system enforcement blocking
access if not completed.
• Deploy additional scam and phishing simulations to test employee response.
• Require training refreshers bi-annually to keep awareness high.
• Maintain over 95% patch coverage across all external facing and critical internal
systems.
• Achieve 100% employee completion of updated security awareness training.
• See a 25% decrease in successful phishing attacks and breaches through training.
• Limit exploitability of any missed patches through network controls.

Mid Term Goals (Q2-Q4)


Implement Zero Trust Model:

• Segment internal networks and limit lateral movement.
• Require MFA for all user authentications and access.
• Log and inspect all traffic between segmented zones.
• Strictly limit direct internet access from endpoints.
• Deploy network micro segmentation down to workload levels.
• Implement least privilege access policies across all systems.
• Encrypt all internal traffic between endpoints and services.
• Continuously audit access controls and privileges.
Embrace DevSecOps:
• Integrate security into CI/CD pipelines for infrastructure-as-code and apps.
• Perform static and dynamic analysis on code repos and artifacts.
• Provide developer self-service access to security tools in IDEs.
• Implement policy-as-code based on compliance standards and benchmarks.
• Adopt high velocity patch management for rapid vulnerability remediation.
• Embed security team members within key development teams.
• Create telemetry backchannel from production to development.
• Incentivize and empower developers to own security.

Deploy Advanced Threat Detection:

• Acquire and deploy EDR tools on all endpoints to analyze behaviors.
• Implement NGAV and sandboxing to inspect payloads.
• Deploy deception technology to divert and detect attacks.
• Analyze network traffic patterns using ML for behavioral anomalies.
• Point the security analytics platform at diverse data sources to correlate signals.
• Establish dedicated SOC team to monitor detections and investigate incidents.
• Lower MTTD and accelerate incident response through automation playbooks.
• Meet an MTTR benchmark of under 1 hour for critical severity incidents.
• Expand capabilities to hunt threats on endpoints and network proactively.

Long Term Goals (Beyond 1 Year)


Become an Industry Leader in Security:
• Adopt cutting-edge technologies, such as AI-driven automation, early.
• Contribute novel defensive techniques to the broader security community.
• Develop extensive threat intelligence capabilities leveraging internal and external
sources.
• Hire and cultivate top talent, paying competitively for expertise.
• Encourage participation in bug bounties and ethical hacking communities.
• Establish an internal red team to continuously test defenses.
• Minimize threat dwell time and the damage threats can cause.
• Exceed compliance mandates and become auditable against rigorous standards.

Develop World Class Team:

• Create a collaborative culture of excellence and innovation.
• Implement robust training programs, budgets, conferences, and incentives.
• Structure career development paths to retain top talent.
• Coach team members on business, communication, and other soft skills.
• Promote talent mobility across different security domains.
• Develop technical leaders by scope and impact, not just tenure.
• Maintain an extensive applicant pool through industry events and campus
recruitment.
Managing Team and Tasks

• Use an agile framework to map out sprints and assign tasks to team members based on
their strengths.
• Hold daily standup meetings for status updates over Lark.
• Use Lark and Jira to track progress on tasks and deadlines.
• Schedule one-on-ones biweekly over Lark to check in on progress and provide
coaching.
• Encourage collaboration through Lark channels and establish clear
communication policies.
• Require participation in key Lark channels to ensure visibility.
• Leverage Lark automation and integrations with Jira to streamline workflows.
• Use Lark polls, reminders, and notifications to keep team engaged.
• Conduct retrospective meetings over Lark at sprint close to capture lessons
learned.
• Maintain open door policy and respond promptly over Lark for guidance.
• Recognize top contributors publicly through Lark announcements and rewards.

Developing Team Skills

• Provide annual training budget for each team member to attend conferences,
classes, and certifications.
• Assign mentors to junior team members to provide guidance and development.
• Rotate team members across different product groups to cross-train.
• Incentivize and reward earning relevant certifications, with a bonus for multiple certifications.
• Conduct post-mortem reviews after major incidents and projects to capture
lessons learned.
• Foster a culture of growth mindset and continuous improvement:
• Encourage team to share educational resources and training opportunities with each
other.
• Allow time for self-study and skills development during work hours.
• Send weekly industry newsletters to keep team updated on new technologies.
• Budget for team members to attend major industry conferences annually.
• Promote intelligent risk taking and learning from mistakes without blame.
• Participate in industry capture the flag events and competitions.
• Require mandatory training hours per quarter for new skills.
• Recognize autodidacts who are self-driven to learn new skills.
• Interview team members on skills goals during one-on-ones and provide
pathways.
• Bring in outside experts and speakers to expose team to new ideas.

Recent Technical Achievements

Over the past few weeks, I was able to accomplish the following.

• Reverse engineered ransomware samples deployed on servers, identifying the
WannaCry/Medusa variant through static and dynamic analysis, and mitigated
the attack.
• Tuned endpoint detection and response capabilities by optimizing detection
rules, permitted process lists, and memory exclusions to focus on malicious
behaviors and reduce false positives.
• Executed scheduled penetration tests on external perimeter, VPN, cloud
environments, wireless infrastructure, web applications, and internal systems.
Prioritized findings by severity to guide remediation.
• Developed customized EDR use cases for junior analysts aligned to their skills, creating
behavioral analytics to detect emerging threats like cryptomining, lateral movement,
and command and control.
• Partnered with the Compliance team to implement improved password policies and
system hardening standards aligned to CIS benchmarks.
• Deployed next-generation firewalls across global gateways to segment traffic between
security zones and restrict internet access. Blocked known malicious IPs.
• Patched critical OS vulnerabilities on legacy Windows and Linux systems across
global offices. Managed change carefully to maintain 100% uptime. Acquired
custom vendor support.
