I was invited to speak on cybersecurity frameworks and standards in the Philippines
“What happens when things go wrong—and who’s accountable?”
That’s how we opened Day 1 of our 3-day cybersecurity training in Dingalan. I was invited to speak on cybersecurity frameworks and standards in the Philippines, and I knew from the start: we had to make this real. This wasn’t about hypotheticals or tech buzzwords. It was about responsibility, strategy, and the systems we build—or fail to build.
Day 1: When Breaches Happen, What’s Next?
We began with case studies of actual cybersecurity breaches. Not from big international headlines—but local, relevant examples. Participants walked through real breakdowns in cybersecurity: data leaks, ransomware attacks, misused systems.
Then we asked the tough questions: Who was accountable? What systems were missing? Could this happen here?
We also explored risk management—identifying what’s critical, what’s vulnerable, and what’s just waiting to break. It set the tone. This wasn’t just a workshop; this was about preparing teams to lead in a digital world.
Day 2: Knowing What You’re Protecting—and Who Owns It
On Day 2, we focused on the core of any cybersecurity strategy: assets and roles. There are two types of digital assets—information and infrastructure. And you can’t protect what you haven’t identified.
We mapped these assets with the group, and then we introduced key roles: the CISO (Chief Information Security Officer) and CYSO (Cybersecurity Officer). Who’s in charge? Who signs off on protocols? Who gets the call when something goes wrong?
We also talked about governance. Because without leadership buy-in, all these plans stay theoretical.
Day 3: Building the Framework—and Making It Work
The final day was about pulling everything together. We created grading matrices to prioritize risks—because not everything can be fixed at once.
Participants drafted sample cybersecurity frameworks using what we had covered: risks, assets, roles, and controls. It was energizing to see actual plans taking shape—tailored for their own agencies and workflows.
We didn’t just talk about cybersecurity frameworks and standards in the Philippines—we started building them.
Wrapping Up: It Starts with Mindset
Cybersecurity isn’t just an IT task. It’s governance, it’s leadership. It’s trust.
You don’t need to be a tech expert to start protecting your systems—but you do need a plan, a team, and a clear understanding of your digital responsibilities.
If you’re in local governance or part of an agency looking to future-proof your operations, let’s talk. We can build the framework. Together.