Many security leaders argue over whether their incident response posture needs to be proactive or reactive. But Rsam CISO Bryan Timmerman says it isn't either or - that organizations need both. Here's why.
"If you've got an incident response program that's been around for years, then it's probably based on reaction. And reaction is always going to be part of incident response, but it shouldn't be the only part," Timmerman says. "It shouldn't even necessarily be the most important part, and that's where the proactive stance comes in."
In an interview about incident response, Timmerman discusses:
- Why reactive and proactive approaches are both needed;
- How this dual strategy helped Rsam in the immediate aftermath of WannaCry;
- How Rsam helps its customers achieve the right incident response blend.
Timmerman has been Rsam's CISO since 2013. Previously he worked at Fortune 25 company Express Scripts, leading a team of security professionals responsible for protecting the private health information of more than one in three Americans. Timmerman has over 20 years of experience in threat and vulnerability management for Fortune 50 companies, and he has certifications in CISSP, GIAC GSEC, GIAC GPEN - Network Pen Testing & Ethical Hacking.