Following from the previous Simplify Cybersecurity posts, I'll should you in more details what is Simplify Cybersecurity.
Imagine, your company is entering the digital transformation for IT organization, and you need to transform the Cybersecurity organization too.
By following Simplify Cybersecurity principle, it is very easy to "transform" the Cybersecurity organization.
Even by entering the cloud world, the Cybersecurity core functions haven't changed much. It is still required to Identify, Protect, Detect, Respond, and Recover. The only thing question is, who should be leading the work.
Depends on which stage or which generation of Cybersecurity org is, all you need to do is expand the size/budget of the driving team. For example, nowadays, many company are entering cloud world. And by based on the generation in Simplify Security Stage article, it should be the IAM team that drive the Cybersecurity transformation, and help the whole organization get ready for cloud-based security.
Many company makes a mistake by forming new team, like cloud security team, to get prepare for company to enter the cloud world. And this is where the Cybersecurity start to get sophisticated. IMO, the CISO may simply have no idea what should be the driving factor in different stage/generation.