Offensive Defense

From Reactive Defense to Pre-Compromise Disruption
Since its inception in 2014, CTM360 has focused on enabling a proactive approach to cybersecurity, defined as Offensive Defense. Instead of reacting to threats inside your perimeter, this philosophy encourages targeting threats at their point of origin across the surface, deep, and dark web.
As part of our offensive-defense approach, CTM360 focuses on the pre-compromise stages of the attack lifecycle, including reconnaissance, weaponization, and delivery, which are considered attacker territory and often remain unaddressed by conventional security controls. By identifying malicious infrastructure early, CTM360 helps organizations disrupt threats before compromise occurs.
Understanding the Roles and Functional Aspects in Security
The Challenge: One Role, Many Expectations
For years, organizations have used the terms IT Security, Information Security, and Cyber/Digital Security almost interchangeably. As a result, the role of the CISO has often been stretched across technology operations, compliance, governance, risk, and external threat response. The function kept moving from IT to risk to the boardroom, but the underlying confusion remained:
“What exactly is the role of a CISO?”
Mirza Asrar Baig’s view is that the answer is not to keep moving one security role across the organization, but to define security functions based on the assets they are responsible for protecting.
Security Through a New Perspective
Rather than treating security as a single discipline, organizations should recognize three distinct functions, each with its own objectives, risks, and ownership model.
IT Security
IT Security is about the end user. Similar to the police, it focuses on creating a secure environment where people can safely access systems, applications, and services anytime, anywhere. It protects the organization's technology environment and should be aligned with the IT Asset Register.
Information Security
Information Security is about protecting information assets. Similar to the military, it focuses on securing the organization’s critical data, systems, and sensitive resources. It protects business information and should be aligned with the Information Asset Register.
Cyber/Digital Security
Cyber/Digital Security is about attackers and attacks. Similar to an intelligence team, it focuses on identifying adversaries, understanding their tactics, and neutralizing and disrupting threats outside the firewall while supporting internal teams. It should be aligned with the Digital Asset Register.
In this model, an asset register is not just a list of assets. It is a security ownership model that defines what needs to be protected, who is responsible for it, and what type of risk must be managed.
Technology Realm of Enterprise Risk Management
This model shows how each security function connects to a specific asset register, ownership role, and area of enterprise risk.
Security Framework Applicability Model
Once the above aspects are clearly understood, organizations can better define responsibilities across the strategic, tactical, technical, and operational levels.
Considering this view of Cyber/Digital Security, CTM360 built its operational model around Offensive Defense, focusing on the pre-compromise phase of the Lockheed Martin Cyber Kill Chain (outside the firewall in the attacker’s territory), covering reconnaissance, weaponization, and delivery.
Offensive Defense vs Defense in Depth
Defense in Depth remains essential, but most traditional controls activate when the attacker is already interacting with the organization’s infrastructure, users, endpoints, or network. Despite these controls being in place, cyber losses have continued to grow. Offensive Defense complements these controls by focusing on what is outside the firewall.




