In 2007, the term “Left of Boom” was popularized by Rick Atkinson of the Washington Post in his four-part series, “Left of Boom- The Struggle to Defeat Roadside Bombs,” describing the effort by the U.S. military to combat the improvised explosive devices (IEDs) used by insurgents in Afghanistan and Iraq. Spearheaded by the Joint Improvised Explosive Device Defeat Organization (JIEDDO), the U.S. military spent billions of dollars developing technology and tactics to predict, detect, prevent, neutralize, and mitigate IEDs. After years of frustration, JIEDDO focused on getting “left of boom” – disrupting the bomb chain long before detonation – through advanced analysis and fusion of intelligence with operational data.
The concept of getting “left of boom” has been widely adopted in cybersecurity. For 2019, Gartner forecasts that organizations will spend $124B on security tools and services to identify, protect, detect, respond, and recover from cyber attacks. From a “left of boom” perspective, these can be categorized into the following:
What we discovered and published in our Security Effectiveness Report is that organizations are not getting the expected value or protections from their investments. The dollars being spent on security, along with the efforts being applied, have not equaled improved security effectiveness. Why not? Because organizations have not had a way to prove efficacy across people, process, and technology which limited them to managing by assumptions.
Verodin Security Instrumentation Platform (SIP) is the first business platform that provides organizations with the evidence needed to measure, manage, improve, and communicate their cybersecurity effectiveness. SIP holistically monitors an organization’s environment and delivers evidence of effectiveness enabling them to get “left of boom” by:
- Providing evidence of Controls Effectiveness
- Providing evidence for Optimization and Rationalization of security tools
- Continuously monitoring and providing evidence validating or exposing drift in effectiveness from Known Good State
- Providing evidence to allow organizations to understand business risk from cyber
- Providing evidence-based reports to communicate security effectiveness from a technical and business perspective all the way to the board
While deployed to Afghanistan as a Marine Intelligence Officer in 2012, my focus was to provide timely, accurate, and relevant data in support of decision-making to accomplish our mission while minimizing risk. Now with Verodin, our focus is to provide quantifiable, evidence-based data on cybersecurity effectiveness to enable organizations to mitigate risk – not just cyber risk, but financial risk from cyber.
About the author:
Ted Corbeill is a recently retired Marine Corps Intelligence Officer who is leveraging his military experience to build and lead innovative sales enablement programs to drive revenue growth through data-driven insights, business innovation, and collaboration at Verodin. Prior to joining Verodin, Ted built sales enablement programs for DXC Technology and Hewlett Packard Enterprise.