أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.
We shoud focus on both. But should focus more on vulnerabilities. Bacause thease are makeing theats.
They should focus more on threats cause vulnerabilities can be handle at the level of the network administrator.
Cybersecurity has become an essential part of any national security policy. It has become known that decision makers in the United States of America, the European Union, Russia, China, India and other countries have categorized cybersecurity / cybersecurity issues as a priority in their national defense policies. In addition, more than 130 countries around the world have announced the allocation of cyber warfare divisions and scenarios within national security teams. All these efforts are added to traditional security efforts to combat cybercrime, e-fraud and other aspects of cybersecurity.
In my opinoin, it is important to focus on both. Vulnerability is finding loopholes in the system and threats makes us understant that how to deal with real time problem or attack in the sytem. So vulnerability is more important to find loopholes in the system and fix them to secure the network.
Focus must be on both because they affect our systems and they are both imminent.However,vulnerabilities should be prioritized because this where the ball is.Focusing on threats may at times take us on a wild goose chase and wastage of resourses and time.But,it imperative to give it some reasonable consideration without ignoring it in totallity.
The question contains an 'or', not an 'and'. I'll pick vulnerabilities, as by definition, they are the known areas of weakness in your system. Address those weaknesses, and then you can begin to address the threats. Threats need a weakness to exploit in order to become a breach.
Both are important. In fact, a comprehensive identification of threats should drive the definition of a company's cyber security vulnerabilities. So specialists should focus on vulnerabilities because if those are addressed, then the threats are automatically taken care of.
am focusing on more in Threats, becuse threats only have assumption. in case vulnerabilty that we can easy findout using tools or checking the developement of the application etc..
Most threats are coming to the network form inside the organisation, it colud be unware usage of internet or using device which is not have proper updation.
From my experince most of incindents happens through email which is using naive users.
As Cyber Security professional we should focus on both areas but if we choose one of them then vulnerabilities, we will receive the threats if the system is vulnerable.
cybercrime professional should focus more on the vulnerability of their systems and network to make it formidable for attacks
I've addressed this in detail in my article:
Threat Smart I: Cyber Risk Management Done Right
Security begins with people, not systems. So the question itself is kind of misleading.
Whatever their roles, hire trainable consummate professionals who are threat smart, highly click-averse (suspicious) and committed to maintaining top notch security hygiene and data privacy. Leadership must be equally committed, submit to regular training like everybody else, and model good security hygiene. Training, testing, drills and games should include Social Engineering, Phishing, Ransomware, BEC (Business Email Compromise), Business Process Compromise and how Targeted (Cyber) Attacks are waged. Regular Social Media security and related home and mobile security risk training, also a must.
Words like threats and vulnerabilities are fast becoming clichés that can lure one into a false sense of security. If you have the human element right (as above), you're well on your way to building a threat smart culture. And yet 
all it takes is ONE weak link.
