The Paradox of the Cyber Industry
The cybersecurity industry excels at marketing technological solutions. Next-generation EDR, AI-augmented SIEM, all-in-one XDR... Vendors compete with ingenuity to sell increasingly sophisticated platforms. And yet, the majority of successful breaches exploit basic flaws: weak passwords, unpatched systems, poorly managed privileged accounts.
The conclusion is clear: we're buying Ferraris when we don't even know how to drive yet.
The First Project: Hygiene and Knowledge
Before standing up any SOC, or investing in yet another threat intelligence platform, the CISO must undertake a fundamental project, often neglected because it is not glamorous: IT hygiene and knowledge of their own environment.
The Four Pillars of Cyber Hygiene
- Environment knowledge: What systems? What applications? What data?
- Business knowledge: What critical processes? What dependencies?
- Risk identification: enough to rank what matters, without falling into a paralyzing risk analysis
- Vulnerability management: Discover, prioritize, remediate or mitigate
This approach is not glamorous. It doesn't make conference headlines. But it is essential.
Building the Organization Before Technology
An effective CISO must first structure their organization around three axes: how security speaks to the business, how it speaks to the executive committee, and how it finds and fixes weaknesses:
1. Speaking to the Business
Security cannot be an ivory tower of technology. The CISO must understand business issues, operational constraints, and critical processes. This requires constant dialogue with business units, in their language, not in cyber jargon.
2. Speaking to the Executive Committee
The executive committee doesn't want to know how many CVEs were published this month. They want to understand risk exposure in terms of business impact: revenue loss, reputational damage, production downtime. The CISO must translate technology into quantifiable business risk.
3. Discover, Qualify, Remediate
The organization must implement systematic processes to:
- Discover systems (asset management)
- Identify identities and their privileges
- Detect vulnerabilities and misconfigurations
- Track remediations or implement workarounds
Without this organizational foundation, no technology will be effective.
AI as an Accelerator, Not a Miracle Solution
Artificial intelligence is a tremendous tool to help CISOs in their missions. It excels at:
- Processing massive data: logs, alerts, inventories
- Prioritizing: identifying critical vulnerabilities in an ocean of CVEs
- Decision support: correlating weak signals, suggesting actions
But AI does not replace knowledge of your environment. It amplifies it. A CISO who doesn't know their IT system cannot effectively leverage AI. AI without foundations is building on sand.
EDR First, SOC Later
Here's an inconvenient truth: deploying a SOC without a clear vision of your IT system is a strategic mistake.
A SOC without an asset inventory, without network flow mapping, and without a baseline of normal usage will drown in false positives. It will consume precious analyst time for little added value.
The Logical Sequence
- Deploy an EDR: visibility on endpoints, abnormal behavior detection
- Build knowledge: inventory, identity management, mapping
- Structure remediation: patch management processes, vulnerability management
- Only then consider a SOC: when you have a solid foundation to contextualize alerts
A well-configured EDR provides immediate value. A SOC without foundations primarily brings frustration.
The Platform Approach: A Unified Vision
Once foundations are laid, the CISO can consider a platform approach that monitors coherently:
- Identities: IAM, PAM, compromised account detection
- Cloud: CSPM, configuration monitoring, drift detection
- Legacy: Active Directory, on-premises systems, business applications
- Vulnerabilities: continuous scanning, intelligent prioritization, remediation tracking
This platform approach is only effective if it relies on precise knowledge of the environment. Otherwise, it becomes just another noise aggregator.
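To make the "Discover, Qualify, Remediate" process and the "intelligent prioritization" of the vulnerability pillar concrete, here is an added example (not code from the original article) of risk-based prioritization that joins scanner findings to an asset inventory. The inventory, the findings, the vulnerability identifiers and the scoring weights are all constructed for illustration; a real deployment would feed them from the CMDB, the scanner and the business-criticality mapping. The point it demonstrates is the article's own: a finding on a host nobody has inventoried cannot be honestly scored, and without the inventory prioritization degrades to raw CVSS.

```python
"""Risk-based vulnerability prioritization joined to an asset inventory.

Added example, not code from the original article.  The inventory, the
findings, the vulnerability identifiers and the scoring weights are all
constructed for illustration; a real deployment would feed them from the
CMDB, the scanner and the business-criticality mapping.
"""
from dataclasses import dataclass
from typing import Dict, List, NamedTuple, Tuple


@dataclass(frozen=True)
class Asset:
    hostname: str
    owner: str                  # team accountable for remediation
    criticality: int            # 1 (lab) .. 5 (revenue-critical), from business mapping
    internet_exposed: bool      # from flow mapping / perimeter inventory
    privileged_identities: int  # admin or service accounts with rights on the host


@dataclass(frozen=True)
class Finding:
    hostname: str
    vuln_id: str                # placeholder ids, not real CVE numbers
    cvss: float
    known_exploited: bool       # e.g. present in an exploited-in-the-wild catalogue


class Ranked(NamedTuple):
    priority: float
    finding: Finding
    asset: Asset


# Constructed sample inventory: what "environment knowledge" looks like as data.
INVENTORY: Dict[str, Asset] = {
    "erp-db-01":   Asset("erp-db-01",   "finance",   5, False, 4),
    "web-shop-02": Asset("web-shop-02", "ecommerce", 5, True,  1),
    "lab-vm-17":   Asset("lab-vm-17",   "r&d",       1, False, 0),
}

# Constructed scanner output.  "ghost-host-9" is deliberately absent from the
# inventory: a host the scanner sees but nobody has claimed.
FINDINGS: List[Finding] = [
    Finding("web-shop-02",  "sample-vuln-1", 7.5,  True),
    Finding("erp-db-01",    "sample-vuln-2", 9.8,  False),
    Finding("lab-vm-17",    "sample-vuln-2", 9.8,  False),
    Finding("ghost-host-9", "sample-vuln-3", 10.0, True),
]


def priority(finding: Finding, asset: Asset) -> float:
    """Contextual score: CVSS scaled by business criticality, then boosted for
    exposure, known exploitation and the blast radius of privileged identities.
    The weights are illustrative assumptions, not a standard."""
    score = finding.cvss / 10.0 * asset.criticality   # 0 .. 5
    if asset.internet_exposed:
        score *= 1.5
    if finding.known_exploited:
        score *= 2.0
    score += 0.25 * asset.privileged_identities        # lateral-movement value
    return round(score, 2)


def prioritize(findings: List[Finding],
               inventory: Dict[str, Asset]) -> Tuple[List[Ranked], List[Finding]]:
    """Join findings to the inventory.  Findings on unknown hosts cannot be
    scored honestly, so they are returned separately for the discovery process
    rather than silently ranked on CVSS alone."""
    ranked: List[Ranked] = []
    unknown: List[Finding] = []
    for f in findings:
        asset = inventory.get(f.hostname)
        if asset is None:
            unknown.append(f)
            continue
        ranked.append(Ranked(priority(f, asset), f, asset))
    ranked.sort(key=lambda r: r.priority, reverse=True)
    return ranked, unknown


def cvss_only_order(findings: List[Finding]) -> List[Finding]:
    """What prioritization degrades to without an inventory: raw CVSS."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def remediation_queue(ranked: List[Ranked]) -> Dict[str, List[str]]:
    """Group ranked findings by accountable owner, highest priority first,
    so each team gets a trackable list rather than a scanner dump."""
    queue: Dict[str, List[str]] = {}
    for r in ranked:
        queue.setdefault(r.asset.owner, []).append(f"{r.asset.hostname}:{r.finding.vuln_id}")
    return queue


if __name__ == "__main__":
    ranked, unknown = prioritize(FINDINGS, INVENTORY)
    print("contextual order:", [(r.asset.hostname, r.priority) for r in ranked])
    print("cvss-only order: ", [(f.hostname, f.cvss) for f in cvss_only_order(FINDINGS)])
    print("unknown hosts to discover:", [f.hostname for f in unknown])
    print("remediation queue:", remediation_queue(ranked))
```

On the constructed data, the internet-exposed shop server with a known-exploited 7.5 outranks the internal ERP database with a 9.8, and the lab VM carrying the same 9.8 drops to the bottom; the unclaimed host goes to the discovery queue instead of topping the list on CVSS alone. Swap in your own criticality mapping and weights; the structure (join to inventory, score in context, route unknowns to discovery, queue by owner) is what the article's process calls for.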
Conclusion: Returning to Fundamentals
The role of the CISO in 2025 is not to stack technological solutions. It's to build a pragmatic security strategy, based on:
- Deep knowledge of their environment
- An organization structured around business and executive dialogue
- A systematic approach to vulnerability management
- Intelligent use of AI as an accelerator
- Sequenced tool deployment: EDR before SOC
- A unified platform vision, but only when foundations are solid
Cyber hygiene is not sexy. It doesn't make impressive slides for boards. But it is the only true foundation of effective cybersecurity.
Let's stop buying Ferraris. Let's learn to drive first.