Why Business-Aligned Cybersecurity Means Less Cybersecurity

And Why That’s Just Fine

As the cybersecurity profession matures, security leaders are scolded that the cybersecurity program needs to be more “business-aligned”. This seems to flummox security leaders, who are usually operating with the best interest of the company in mind (“I’m only saying ‘no’ to protect you from yourself”). There is also the little problem that the business is often not interested in being “security-aligned” — which feels like a bad 80’s movie. But I digress…