Defend Forward: Taking the Fight to the Adversary

Thirty years ago, when I first started working in cybersecurity, I remember joking with my wife, who worked in healthcare, that she saved people’s lives while I saved their computers. How times have changed…

I may not be curing critical illnesses, but as the world has grown more digital and cyber threats have evolved, the work I do as a security leader has taken on increasing seriousness.

Now, I’m not just protecting computers; I’m also protecting the people and institutions (including patients and healthcare providers) who rely on those computers. Looking back on my career, I feel incredibly fortunate to have contributed to a number of initiatives designed to keep organizations and individuals safe from cyber threats. 

In 2011, the UK government reached out to me for help building a cyber intelligence sharing hub. I’m very proud to say this hub, now known as the Cyber Information Sharing Partnership (CISP) platform, remains a key part of the UK’s National Cyber Security Centre (NCSC) and allows UK companies to share early attack signs and other data with each other, and have that data enriched by a fusion cell made up of NCSC and industry staff. 

The platform has been a force multiplier in helping defenders across the UK government and industry reverse the adversary advantage. Because I’m such a firm believer in the value of information sharing, I later joined the Cyber Threat Alliance, a consortium of cybersecurity vendors committed to sharing threat intelligence and malware samples. 

More recently, I was involved with the World Economic Forum’s Cyber 2025 program, which examined the cybersecurity implications of artificial intelligence, quantum computing, ubiquitous connectivity and digital identity. The program produced a report with 15 recommendations for addressing the systemic cyber risks those technologies create for global economies. 

Now I’m excited to participate in the Cyber Defenders Council, a global group of preeminent security leaders from public and private sector organizations, sponsored by Cybereason. The Council mission is squarely focused on enabling organizations to implement Defend Forward cybersecurity strategies that increase the burden for attackers and make it much harder for them to achieve their objectives. 

Defend Forward is a concept that the US Department of Defense developed in response to the escalating pace and sophistication of nation-state sponsored adversaries. It means defending with an offensive mindset, proactively disrupting or stopping malicious cyber activities in their earliest stages, and increasing costs for adversaries. This is how we take the fight to attackers and reverse the adversary advantage.

While the idea came out of the US military, Defend Forward has broad applicability to commercial and government enterprises around the world. I’m looking forward to working with members of the Cyber Defenders Council to identify ways organizations outside the US military can adapt and apply this concept.

As the lines between nation-state sponsored and financially motivated cyberattacks continue to blur, I’m hopeful Defend Forward will have the effect of deterring cyberattacks and will become as ingrained in the cybersecurity industry just as other concepts that came out of the military, like the Kill Chain.  

If you are a CISO who’s passionate about cybersecurity like I am, and wants to give back to the security community and make the world safer and more resilient, please get involved. Find the initiative that’s right for you, whether it’s joining an industry ISAC, working to develop cybersecurity standards, or mentoring the next generation of CISOs. 

When you get to my age and begin looking back on your career and legacy, you want to be remembered for making a difference. Fortunately, in our work, there’s ample opportunity to do so.


Cybereason is dedicated to teaming with Defenders to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about ransomware defense here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Greg Day
About the Author

Greg Day

Greg Day is a Vice President and Global Field CISO for Cybereason in EMEA. Prior to joining Cybereason, Greg held CSO and CTO positions with Palo Alto Networks, FireEye and Symantec. A respected thought leader and long-time advocate for stronger, more proactive cybersecurity, Greg has helped many law enforcement agencies improve detection of cybercriminal behavior. In addition, he previously taught malware forensics to agencies around the world and has worked in advisory capacities for the Council of Europe on cybercrime and the UK National Crime Agency. He currently serves on the Europol cyber security industry advisory board.