Mapping Out a Victory: Why Every CISO Needs to Become a Cartographer

Search for an image of any major military leader in the last 100 years, and you’ll likely find them with a map.

Great leaders don’t just act. They orient. And they rely on cartographers to interpret terrain, anticipate obstacles, and guide strategy.

Lieutenant General George Patton inspecting a map near Metz, France during World War 2.
Lieutenant General George Patton inspecting a map near Metz, France during World War II. Image courtesy of the U.S. Army.

In a recent LinkedIn Live with my friends former Navy SEAL Clint Bruce and retired U.S. Army Major General Viet Luong, we talked about the often-overlooked value of cartographers in military operations. They’re not on the front lines, but without them, missions fail before they begin.

That’s exactly the role CISOs need to play today.

In an era of sprawling hybrid environments, fast-moving threats, and constant change, CISOs can’t afford to operate in the dark. You can’t protect what you can’t see.

To lead with Zero Trust, you must become the cartographer of your environment, mapping the unknown, interpreting the terrain, and guiding your organization to safety and success.

You can’t defend what you can’t see

Zero Trust starts with a basic principle: know what you’re protecting.

Even now, I see many organizations struggling to know what’s in their environment, let alone how those systems talk to each other.  

Assets live in the cloud, in data centers, on laptops, in forgotten corners of the network. Traffic flows in ways nobody intended or can explain.

You can’t protect that. You can’t even begin to apply least privilege or microsegmentation until you see what’s there.

That’s where the idea of cartography comes in.  

You need a living, breathing map of your environment to understand how your systems, users, and workloads interact. That’s your terrain, and that’s what you’re defending.

Zero Trust isn’t a tech stack

I say this a lot because it’s important: many folks get Zero Trust wrong by thinking it’s a set of tools or a box to check. It’s not. It’s a strategy. And like any good strategy, it starts with orienting yourself.

Think about how special operations teams work. They don’t go in blind. They study the terrain. They know where the cliffs are, where the enemy might hide, where their own people will move. That’s what makes them effective.

CISOs need to operate the same way.  

You’re not sitting in a bunker giving orders. You’re leading a security strategy that has to align with the business. That starts with understanding what’s actually in play.

Clint said something else that’s worth repeating: “You don’t win by dominating terrain. You win by understanding it.”

That’s the mindset shift we need in cybersecurity.  

Too many leaders try to “own” the environment through more controls, more policies, and more tools. That’s not the point.  

You need to understand the relationships between things — the traffic flows, the dependencies, the vulnerabilities — so you can make informed, efficient decisions aligned with business goals.

You don’t win by dominating terrain. You win by understanding it.

Build a map everyone can use

Security is a team sport. It’s critical for security leadership to understand their environment, but it should also be something that’s accessible for the rest of the organization.  

Once you’ve mapped your environment, that map should become a shared foundation. Your architects can design better. Your SOC can respond faster. Your developers can avoid introducing risk.

That only happens if the map is clear, current, and accessible.

This is where technology matters. If your environment changes by the second (and it does), your visibility has to keep up.  

That’s why real-time observability tools like Illumio Insights are so important. They draw the map of your network, but they also keep it up to date and give you the context and prioritization you need. This means you're never operating on yesterday’s view.

Be your network’s cartographer

Cyberattacks aren’t going to slow down. In fact, they’re getting more sophisticated and more lateral.

If you want to lead with Zero Trust, then you have to stop guessing and start mapping. You have to be the cartographer.  

Generals study maps while planning campaigns. Strategic planning starts with understanding the terrain. You are your company’s Patton, Montgomery, or Schwarzkopf.  

If you don’t understand your terrain, you’re just reacting. You can’t win a war by reacting.

Map your environment. Know what matters. Then build your defenses accordingly.

That’s how you lead security — and win.

John Kindervag

Chief Evangelist

Ready to learn more about Zero Trust Segmentation?

Ready to learn more about Zero Trust Segmentation?