Simpler, Smarter Cyber Mindset: A Collaborative Deep Dive with Abbas Kudrati

We’re years into “cyber being a board issue,” but breaches are still happening at a pace and scale that shouldn’t be possible given the budgets and effort involved.

You’d think with hundreds of tools, more frameworks than anyone can track, and entire teams built around resilience, we’d be in a better place. But we’re not. And it’s not because people aren’t trying. It’s because we’re still getting the basics wrong (something we keep saying here at Chaleit).

That’s the core of a recent essay I put together with experienced cyber security leader Abbas Kudrati . We’ve both seen the same patterns, over and over again: too many tools, not enough insight. Too many dashboards, not enough decisions. Too much noise, not enough clarity.

Here are a few things that stuck with me from our chat:

👉 It’s still 101 attacks. We run red team exercises every week. The first thing we try is password spray. It still works regularly. And most SOCs don’t even spot it. That tells you everything about where priorities lie.

👉 Identity is the new perimeter. The endpoint’s been hardened. The cloud’s getting there. So attackers are targeting what’s often left exposed: machine identities, service accounts, expired certificates, and hardcoded secrets. And when they get in, they blend in.

👉 Detection is too slow. If it takes more than 60 minutes to acknowledge something’s happening, you’ve already lost. MTTA (mean time to acknowledge) should be under half an hour, Abbas says. That’s the number to watch, and not how many threats were blocked.

👉 Board reporting is broken. The number of threats blocked last quarter doesn’t help anyone make better decisions. If you’re not showing where risk lives or what would actually breach you, you’re wasting everyone’s time.

Abbas told a great story in the essay about how he used to walk into board meetings with just one sheet. Not 30 pages of telemetry. Just: here’s what’s red, here’s what’s getting worse, here’s what I need from you. That’s how you get meaningful discussion.

We also talked about Zero Trust, not as a product, but a principle. Not “yet another control,” but a way of working. And about consolidation, not just to save costs, but to make the whole thing manageable again.

The big takeaway is simple: It’s not about doing more. It’s about doing what works and doing it properly.

But simple isn’t easy. Simplifying means fixing the basics. Getting clear on what actually matters. And having the right mindset to stay ready when something does go wrong.

If that sounds like something your organisation’s wrestling with, have a read through the full conversation. It might save you a lot of firefighting later.

Would love to hear what resonated or what you're seeing from your side. Let’s talk in the comments or feel free to reach out.