Send us fan mail via text by clicking here!

Back from a few weeks off, the lads come together to discuss recommendation number 3 from Rafeeq’s 2025 CISO MindMap, Identify and Manage Security Debt. This is a practical discussion that hopefully offers some ideas to improve the overall operations of your security program.

After a quick recap of the first 2 recommendations from the 2025 CISO MindMap, your hosts begin defining security debt in the context of software, hardware and systems. The concept of risk management is quickly brought into scope as a key component to understanding and managing this debt. To help pull in as many potential targets as possible, they discuss the nature of the growth of security debt.

Of course, this podcast is not only about admiring the problem, but providing some helpful methodologies to begin addressing your security debt. Important concepts here include 1) creating a central place to quantify and manage the debt, maye a risk register. 2) be sure to assign some dollar value to the effort and 3) make this effort part of a program. Of course the goal is to flatten the curve of growth of the debt and hopefully begin a downward trend.

For folks just starting their careers, we hope this topic gives you some insight into what the senior people in the organization are concerned with. As you go about your daily routine, you can help the organization by identifying aspects of your function that can impact growth of security debt.

https://rafeeqrehman.com/
https://www.linkedin.com/in/scott-a-hawk/
https://www.linkedin.com/in/rafeeq/