Building Your 2026 Cybersecurity Audit Plan
Why It Matters
A modern, balanced audit plan equips leaders with actionable risk insights, protecting mission outcomes and building board confidence in an increasingly complex threat landscape.
Key Takeaways
- Align the 2026 audit plan with evolving SaaS, cloud, and AI risks.
- Prioritize safeguard validation to identify gaps threatening mission success.
- Balance legacy controls with emerging technologies for comprehensive coverage.
- Use board presentations to translate technical findings into business impact.
- Foster feedback loops with the community to continuously improve audit processes.
Summary
James Trella, a veteran SANS instructor and cyber‑risk specialist, opened the webcast by framing the 2026 cybersecurity audit plan as a strategic imperative for any organization seeking to protect its mission. He highlighted his decades of experience authoring CIS Controls and conducting assessments at Cyarity, positioning the session as a practical guide for auditors, GRC teams, and board‑level stakeholders preparing their annual audit roadmaps.

The core of the discussion centered on safeguard validation: auditors must identify missing controls that could let threats materialize. Trella warned against the complacency of repeatedly auditing the same legacy domains—such as identity and access—while neglecting newer vectors like SaaS, cloud-native services, DevOps pipelines, and AI‑driven threats. He advocated a balanced scope that blends traditional controls with emerging technology risks, ensuring comprehensive assurance for executives.

A memorable analogy compared early‑era “wizards”—single experts who manually defended networks—to today’s data‑scientist‑style teams that rely on standardized, measurable safeguards. Trella emphasized that the art of cybersecurity is shrinking as frameworks become more definitive, and auditors now have the tools to measure “what good looks like.” He also stressed the importance of a two‑way feedback loop with the broader SANS community to refine audit practices continuously.

The takeaway for businesses is clear: a forward‑looking, data‑driven audit plan not only satisfies compliance requirements but also translates technical risk into business language that boards can act on. By integrating emerging tech considerations, maintaining legacy oversight, and fostering community input, organizations can improve risk visibility, allocate resources more effectively, and strengthen overall mission resilience.