Virtual Innovation Collaboration

As I’ve been digging into the #CybersecurityFramework 2.0, and helping clients navigate the changes, I’ve found several areas where the new additions feel pretty significant. If you’re already using the #CSF and trying to figure out where to focus first, take note of these new Categories: ◾ The POLICY (GV.PO) Category was created to encompass ALL cybersecurity policies and guidance. Now, on one hand it might seem like a "well, of course" moment to consolidate all cybersecurity policies into one place - on the other hand, policies were previously sprinkled throughout the CSF, and were tied to specific actions like Asset Management or Incident Response. Now, it's all in one area, which makes a ton of sense and simplifies things, but also means we've got to remember that this one Category covers everything! ◾ Another significant addition is the PLATFORM SECURITY (PR.PS) Category which largely pulls together key topics from the previous Information Protection Processes & Procedures (PR.IP) and Protective Technology (PR.PT) focusing on security protections around broader platform types (hardware, software, virtual, etc.). If you’re looking for things like configuration management, maintenance, and SDLC – you’ll now find them here.  ◾ The TECHNOLOGY INFRASTRUCTURE RESILIENCE (PR.IR) Category pulls largely from the previous Information Protection Processes & Procedures (PR.IP) and Protective Technology (PR.PT) as well, but also pulls in key aspects from Data Security (PR.DS). This new Category highlights the need for managing an organization’s security architecture and includes security protections around networks as well as your environment to ensure resource capacity, resilience, etc. So, what does all this mean for your organization? Whether you're just starting out, or you're looking to refine your existing cybersecurity strategies, CSF 2.0 offers a more streamlined framework to use to bolster your cyber resilience. Remember, staying ahead in cybersecurity is a continuous journey of adaptation and improvement. Embrace these changes as an opportunity to review and enhance your cybersecurity posture, leveraging the expanded resources and guidance provided by #NIST! Have you seen the updated mapping NIST released from v1.1 to v2.0? Check it out here to get started and “directly download all the Informative References for CSF 2.0” 👇 https://lnkd.in/e3F6hn9Y

The National Institute of Standards and Technology (NIST) has released a draft of its “Cybersecurity Framework Profile for Artificial Intelligence” (open for public comment until Jan 30, 2026) to help organizations think about how to strategically adopt AI while addressing emerging cybersecurity risks that stem from AI’s rapid advance. Building on the #NIST Cybersecurity Framework 2.0, the Cyber AI Profile translates well-established risk management concepts into AI-specific cybersecurity considerations, offering a practical reference point as organizations integrate AI into critical systems and confront AI-enabled threats. The Cyber AI Profile centers on three focus areas: • Securing AI systems: identifying cybersecurity challenges when integrating AI into organizational ecosystems and infrastructure. • Conducting AI-enabled cyber defense: identifying opportunities to use AI to enhance cybersecurity, and understanding challenges when leveraging AI to support defensive operations. • Thwarting AI-enabled cyberattacks: building resilience to protect against new AI-enabled threats. The Profile complements existing NIST frameworks (CSF, AI RMF, RMF) by prioritizing AI-specific cybersecurity outcomes rather than creating a standalone regime.

𝟏𝟎 𝐂𝐲𝐛𝐞𝐫𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤𝐬 𝐌𝐨𝐬𝐭 𝐓𝐞𝐚𝐦𝐬 𝐈𝐧𝐡𝐞𝐫𝐢𝐭 - 𝐍𝐨𝐭 𝐂𝐡𝐨𝐨𝐬𝐞 ! A big customer asks for SOC 2. A regulator mentions ISO or NIST. Suddenly your “strategy” becomes a messy stack of rules that nobody can clearly explain. Frameworks were meant to reduce confusion. Not multiply it. Here’s the truth 👇 If you remove the logos, most cybersecurity frameworks answer the same few questions: – What are we protecting, and how critical is it? – Which controls reduce real attacks first? – How do we prove trust to customers and regulators? – How do we improve over time instead of ticking boxes once? That’s it. The 𝟏𝟎 𝐦𝐚𝐣𝐨𝐫 𝐟𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤𝐬 simply sit at different points of that map. Some shape strategy: ➤ NIST CSF gives structure and direction Some formalize governance: ➤ ISO 27001 / 27701 turn security into a certifiable system Some drive action: ➤ CIS Controls tell engineers where to start Some build external trust: ➤ SOC 2, PCI DSS, HIPAA, HITRUST speak auditor language Some go deep where risk is highest: ➤ CSA CCM, NIST 800-53, 800-171 for cloud and government needs 𝐓𝐡𝐞 𝐦𝐢𝐬𝐭𝐚𝐤𝐞? Treating frameworks like competing religions. Strong 𝐭𝐞𝐚𝐦𝐬 𝐬𝐭𝐚𝐜𝐤 𝐭𝐡𝐞𝐦. One shapes strategy. One drives execution. One proves trust. Over time, the question changes from: “𝐀𝐫𝐞 𝐰𝐞 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐭 𝐰𝐢𝐭𝐡 𝐗?” To: “𝐖𝐡𝐢𝐜𝐡 𝐦𝐢𝐱 𝐛𝐞𝐬𝐭 𝐞𝐱𝐩𝐥𝐚𝐢𝐧𝐬 𝐨𝐮𝐫 𝐫𝐢𝐬𝐤 𝐬𝐭𝐨𝐫𝐲 𝐭𝐨 𝐭𝐡𝐞 𝐩𝐞𝐨𝐩𝐥𝐞 𝐰𝐡𝐨 𝐦𝐮𝐬𝐭 𝐭𝐫𝐮𝐬𝐭 𝐮𝐬?” That’s when frameworks stop being paperwork and start acting like an operating system for security. Which framework actually helps your team make better decisions today? 👇 Which one does your organization rely on most right now? ------------ Hi, I'm Harris D. Schwartz 𝐅𝐫𝐚𝐜𝐭𝐢𝐨𝐧𝐚𝐥 𝐂𝐈𝐒𝐎 𝐚𝐧𝐝 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐋𝐞𝐚𝐝𝐞𝐫. I help CEOs and executive teams strengthen their security posture and build resilient, compliant organizations. With 𝟑𝟎+ 𝐲𝐞𝐚𝐫𝐬 𝐚𝐜𝐫𝐨𝐬𝐬 𝐍𝐈𝐒𝐓, 𝐈𝐒𝐎, 𝐏𝐂𝐈, 𝐚𝐧𝐝 𝐆𝐃𝐏𝐑, I know how the right security decisions reduce risk and protect growth. If you are planning how your security program needs to evolve in 2026, this is the right time to have that conversation. #CyberSecurity #SecurityFrameworks #RiskManagement #CISO #ISO27001 #NIST #SecurityStrategy

❌ Is remote work KILLING innovation? 👀 Last week, Nike's CEO John Donahoe blamed working-from-home for the company falling behind on innovation. 🧑💻 He said that it’s tough to be disruptive when people are working remotely. In an interview with CNBC, Donahoe was asked about the company’s lack of fresh new products in its assortment, which had been a concern among investors. 🎙 “What’s been missing is the kind of bold, disruptive innovation that Nike’s known for & when we look back, the reasons are fairly straightforward,” said Donahoe. He pointed out that footwear factories in Vietnam were forced to close during the pandemic but “even more importantly,” Nike’s employees worked from home for over 2 years... ☠️ “In hindsight, it turns out, it’s really hard to do bold, disruptive innovation on Zoom,” Donahoe said. 📈 The Nike teams came back together 18 months ago in person, and the company says they are feeling a positive change. Ever since, the company has been ruthlessly focused on rebuilding its innovation pipeline, not-from-home. 🤨 But is it true that disruption cannot be achieved remotely? What does the data say? Studies on the impact of WFH on innovation show mixed results: → A study from Stanford University suggests that fully remote work can lead to approximately 10% lower productivity compared to in-person, which might affect innovation negatively due to challenges like reduced communication & cultural cohesion. → McKinsey also found that remote work might limit tasks requiring physical presence or specialized equipment, which would be the case when you're prototyping new shoes, in Nike's case. 🙅 However, not all sources confirm the above statements: → Harvard Business School highlighted that remote work can potentially lead to different types of innovation, spurred by greater access to talent who prefer or require remote work arrangements. ✅ Automattic, for example, the company behind WordPress, runs entirely remotely and is known for its strong innovation culture. They utilize 'async' communication & autonomous work practices, allowing employees to work on what they think will benefit the company most, without rigid schedules or physical meetings. 🚀 Many other large tech companies like monday.com or Telegram Messenger -who can be called pretty innovative- also succeed in remote innovation. The WFH model has definitely led to successful examples of innovation, proving that remote work CAN indeed lead to disruptive innovation. ⬇️ To wrap up: while remote work surely presents challenges to innovation, it can also lead to new opportunities for creativity & problem-solving that wouldn't have surfaced in a traditional office setting. What do you think? 💬👇 #innovation #wfh #remote #futureofwork #nike #business

After many years of analysing the "triple helix effect" in Australian and global contexts, I've observed a persistent gap between innovation ecosystem potential and actual performance. We excel at mapping connections—between universities, businesses, and government agencies—but struggle to activate these dormant relationships. The critical insight? Having someone's contact details (even on LinkedIn) differs vastly from genuine collaboration. The transformation requires three elements: problem-focused interaction around specific challenges, trust-building through repeated engagement, and governance mechanisms that align different organisational incentives. Most ecosystems exist in "structural potential" rather than functional activity. Universities house transformative research locked in publications. Corporations possess the capabilities to solve social problems but lack pathways to community organisations. Government agencies hold regulatory knowledge that could accelerate innovation, yet operate in isolation. The solution isn't just more networking events. It's creating focal challenges that demonstrate mutual value, supporting system integrators that speak multiple "languages," and designing incentive structures that reward collaboration over transactions. For policymakers: ecosystem activation can be catalysed but cannot be mandated. Focus on creating opportunities for valuable collaboration rather than requiring it.: https://wix.to/zJN0qgM #InnovationEcosystems #Trust #InnovationManagement

Over the past year or two, I’ve had the opportunity to work closely with innovation ecosystems through our Strategy Hub Qatar projects, an area that has increasingly captured my interest, particularly for the potential it holds to drive real-world impact. What I’ve noticed is an under-tapped opportunity to further strengthen these ecosystems by anchoring them in demand-led, partnership-driven innovation, where startups are not building in isolation, but are closely linked to clearly defined industry needs. When large industry players are engaged as active problem owners and potential adopters, the dynamic becomes far more powerful. Startups are able to design solutions that are grounded in real, validated challenges and closely aligned with operational realities. In this context, design thinking helps anchor innovation in real user needs, encouraging early testing and iteration to shape solutions that are practical and implementable. The real opportunity lies in creating a clear pathway from solution to adoption, where ideas are not only developed, but tested, refined, and ultimately taken forward by those they are designed for. This makes innovation more targeted, more responsive to local needs, and far more likely to scale. There is a compelling opportunity to deepen this model by fostering more intentional partnerships between industry and startups, creating a more connected, closed-loop system where challenges inform innovation, and innovation feeds directly back into industry. In this model, large players benefit from agile, locally developed solutions, while startups gain clearer pathways to adoption and scale. Realizing this potential requires embedding the right enabling mechanisms within these partnerships, particularly procurement and funding models that support experimentation, iteration, and ultimately, implementation. #InnovationEcosystems #PublicPrivatePartnerships #StartupEcosystem #IndustryPartnerships #DesignThinking

𝐀𝐫𝐞 𝐫𝐞𝐦𝐨𝐭𝐞 𝐭𝐞𝐚𝐦𝐬 𝐟𝐚𝐥𝐥𝐢𝐧𝐠 𝐬𝐡𝐨𝐫𝐭 𝐢𝐧 𝐬𝐩𝐚𝐫𝐤𝐢𝐧𝐠 𝐛𝐢𝐠, 𝐠𝐫𝐨𝐮𝐧𝐝𝐛𝐫𝐞𝐚𝐤𝐢𝐧𝐠 𝐢𝐝𝐞𝐚𝐬? In a world where scientists and inventors are more connected than ever, you’d think this global collaboration would lead to more breakthrough discoveries. But the opposite might be happening. This study that I found published in 2023 in Nature - 👇see the PS for the full citation & original paper👇 - analyzed 20 million research articles and 4 million patent applications from the past 50 years to explore how remote teamwork impacts innovation. The goal? To understand why, despite having more minds and tools at our fingertips, disruptive ideas seem harder to come by. Here’s what they found: While remote collaboration is on the rise, researchers in these teams are less likely to produce breakthroughs compared to their on-site counterparts. Why? It turns out that remote teams excel at technical, well-defined tasks, but they often struggle with conceptual work—those early stages of ideation where ideas are born and new paths are carved. Even with today’s advanced digital tools, some things - like the magic of face-to-face brainstorming - just can’t be fully replaced. 💡😁💡𝐌𝐲 𝐭𝐚𝐤𝐞𝐚𝐰𝐚𝐲: Innovation isn’t just about having the best tools or the biggest team—it’s about how we generate and share ideas. Remote work has come a long way, but to spark breakthroughs, we may need to rethink how we collaborate, ensuring those early, creative sparks aren’t lost across the distance. Happy collaborating everyone 🙏😁🙏 Ludmilla #DERRtobedifferent PS: If someone needs to find this original paper, here is the full scientific citation: Lin, Y., Frey, C.B. & Wu, L. Remote collaboration fuses fewer breakthrough ideas. Nature 623, 987–991 (2023). #leadership #inspiration #technology #collaboration Elite Experts Conferences #EliteExpertsConferences #LudmillaDerr 

🔐 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻𝗶𝗻𝗴 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝗶𝗮𝗹 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘄𝗶𝘁𝗵 𝗜𝗘𝗖 𝟲𝟮𝟰𝟰𝟯 As industrial systems become increasingly interconnected, adopting a robust, structured cybersecurity framework is no longer optional—it’s essential. IEC 62443 remains the global benchmark for securing Industrial Control Systems (#ICS) and Operational Technology (#OT) environments. This framework provides a holistic security model, addressing everything from segmentation to threat mitigation, helping organizations build resilient, defense‑in‑depth architectures. Some key concepts that stand out: ✔ 𝙕𝙤𝙣𝙚𝙨 & 𝘾𝙤𝙣𝙙𝙪𝙞𝙩𝙨 – Logical grouping of assets and communication paths to enforce consistent cybersecurity requirements. ✔ 𝘿𝙚𝙛𝙚𝙣𝙨𝙚 𝙞𝙣 𝘿𝙚𝙥𝙩𝙝 – Layered protection across physical security, identity & access, network, compute, application, and data. ✔ 𝙁𝙤𝙪𝙣𝙙𝙖𝙩𝙞𝙤𝙣𝙖𝙡 𝙍𝙚𝙦𝙪𝙞𝙧𝙚𝙢𝙚𝙣𝙩𝙨 (𝙁𝙍1–𝙁𝙍7) – Covering authentication, system integrity, restricted data flow, incident response, and more. ✔ 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙇𝙚𝙫𝙚𝙡𝙨 (𝙎𝙇0–𝙎𝙇4) – Clearly defined protection levels based on threat sophistication and required defenses. ✔ 𝙈𝙖𝙩𝙪𝙧𝙞𝙩𝙮 𝙇𝙚𝙫𝙚𝙡𝙨 (𝙈𝙇1–𝙈𝙇4) – Measuring how well an organization institutionalizes cybersecurity processes. Adopting IEC 62443 not only enhances technical protections but also strengthens governance, operational reliability, and long‑term cyber resilience—key priorities for any modern industrial or critical infrastructure environment. In an era of evolving cyber threats, frameworks like IEC 62443 are vital to safeguarding industrial operations and ensuring secure digital transformation. #IEC62443 #Cybersecurity #OTSecurity #ICS #IndustrialAutomation #DigitalTransformation #RiskManagement #DefenseInDepth

The Cyber Kill Chain and the MITRE ATT&CK framework are two different approaches to understanding and responding to cyber threats, particularly in the context of cybersecurity and cyber attack analysis. While they share some similarities, they serve different purposes and offer different perspectives on cyber attacks.   𝐂𝐲𝐛𝐞𝐫 𝐊𝐢𝐥𝐥 𝐂𝐡𝐚𝐢𝐧: The Cyber Kill Chain is a concept developed by Lockheed Martin as a model for understanding the stages an attacker goes through to achieve a successful breach or attack. It consists of several stages, often referred to as the "kill chain phases," that represent the steps an attacker typically takes to launch and execute a successful cyber-attack: 𝐑𝐞𝐜𝐨𝐧𝐧𝐚𝐢𝐬𝐬𝐚𝐧𝐜𝐞: Gathering information about the target. 𝐖𝐞𝐚𝐩𝐨𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧: Creating or acquiring a malicious payload (e.g., malware). 𝐃𝐞𝐥𝐢𝐯𝐞𝐫𝐲: Delivering the malicious payload to the target system. 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐚𝐭𝐢𝐨𝐧: Taking advantage of vulnerabilities to execute the payload. 𝐈𝐧𝐬𝐭𝐚𝐥𝐥𝐚𝐭𝐢𝐨𝐧: Installing the malicious payload on the target system. 𝐂𝐨𝐦𝐦𝐚𝐧𝐝 𝐚𝐧𝐝 𝐂𝐨𝐧𝐭𝐫𝐨𝐥 (𝐂𝟐): Establishing communication with the attacker's command and control infrastructure. 𝐀𝐜𝐭𝐢𝐨𝐧𝐬 𝐨𝐧 𝐎𝐛𝐣𝐞𝐜𝐭𝐢𝐯𝐞𝐬: Achieving the attacker's goals, which might involve data theft, disruption, or other malicious activities. 𝐌𝐈𝐓𝐑𝐄 𝐀𝐓𝐓&𝐂𝐊 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤: The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base and model that provides a detailed and structured understanding of how cyber adversaries operate. Instead of focusing solely on the stages of an attack, ATT&CK categorizes attacker behaviors into tactics and techniques. Tactics represent high-level goals an attacker wants to achieve (e.g., gaining initial access, persistence, privilege escalation), while techniques describe specific methods or actions attackers use to accomplish those goals. ATT&CK also includes information about procedures, tools, and other relevant details associated with each technique, providing a more nuanced view of how attackers operate. It's designed to help organizations understand the specific techniques that attackers might use at different stages of an attack and build more effective detection, prevention, and response strategies.   In summary, the Cyber Kill Chain is a model that outlines the stages of a cyber-attack in a linear fashion, while the MITRE ATT&CK framework provides a more detailed and dynamic understanding of attacker behaviors, tactics, techniques, and procedures. Both approaches can be valuable in the field of cybersecurity, depending on the specific needs of an organization's security strategy. In fact, some organizations may choose to integrate both concepts for a more comprehensive defense against cyber threats. #cyberkillchain #mitreattack #cybersecurity #riskmanagement

Remote work isn't for everyone. But don't say it hinders innovation. Here's proof remote work fuels progress: Bluesky reached 25 million users in just months, with a team of 20 remote employees. Atlassian released its first AI product within six months—the fastest product development in the company's history. Yelp brought new features to market 60% faster with their remote work model. The winning ideas from Pinterest's hackathon in 2023 came from remote staff—the first year it was open to remote employees. Airbnb released 535 updates in the past three years, with the scale of each launch increasing yearly thanks to remote work. How are this many remote companies innovating in ways others dream of? They invest in people rather than spaces, says Nicholas Bloom, a Stanford University economics professor. Doing so provides workers with more time for deep thinking, leading to better results. What do you think, can remote work improve innovative? #Remotework #Flexiblework #Futureofwork Source: Abril, D. (2024, December 27). These companies innovate and collaborate without office mandates. The Washington Post.