Oct 25 2021

CISO Interview Series: Investing in Frameworks, Humans, and Your Technical Skills

Category: CISO,vCISODISC @ 7:24 am

The journey for someone to the role of Chief Information Security Officer (CISO) isn’t often straightforward. Take Sandy Dunn, for example. Per SailPoint, Sandy started as a paper delivery kid at 10 years old. She then worked her way through software sales, insurance, and even horses before becoming the CISO of a health insurance provider in Idaho.

All these “entry-level” jobs share one thing in common. They gave Sandy the experience to fulfill a CISO’s multifaceted responsibilities. But don’t just take my word for it. Check out my conversation with Sandy below.

“One skill I think every CISO needs is business acumen.”

Joe Pettit: Thanks for taking the time to speak with me today, Sandy. I would love to hear some of your views on the role of the modern CISO. How is it changing, and what are the essential skills that a CISO should have now?

Sandy Dunn: The required skills for a CISO is an interesting question. Every business is different, so really every CISO role will be slightly different with different expectations for where they fit in the organization. One skill I think every CISO needs is business acumen. You need to be able to understand how security fits into that specific business. Having some level of technical skills is important, too. It helps you with effective communication with your cybersecurity team about issues, tools, proposed remediation, and then to be able to explain everything they just told you back to the business or put it into a business context. Technical knowledge will benefit you in understanding the severity of a problem, too (independent of the volume of the voice who is bringing it) and determine if a situation is a one-alarm fire or a five-alarm fire.

“…one of the things I really had to (Read more…)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Joe Pettit. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/ciso-interview-series-investing-in-frameworks-humans-and-your-technical-skills/

The 5 Roles of Leadership: Tools & best practices for personable and effective leaders

Tags: CISO, Fractional CISO, vCISO

Jul 23 2021

Questions that help CISOs and boards have each other’s back

Category: CISO,vCISODISC @ 11:27 am

The ransomware threat posed by organized crime groups is considerable, and its impact can be devastating and threaten the entire business. This makes it imperative for boards to ensure the company has taken necessary cybersecurity precautions to resist the threat. Additionally, executives have seen the value of efficient infosec firsthand over the last eighteen months. The efforts security teams have made to keep businesses safely functioning during a global pandemic have been impressive, if not heroic.

Regardless of why the C-level is focusing on IT infrastructure and strategy, this interest presents an opportunity for security teams. I know this is true because over the last few years F-Secure’s board has been refining how we cooperate to make better decisions about our security posture and risk appetite.

At the core of this process has been the creation of questions we use to make the best use of our time together. When approached holistically and answered honestly, these queries allow us to understand if we are focused on the right things, whether we are achieving our goals, and where our gaps are.

Since we would have benefited by having a list to start with, we’re sharing five of ours now to help other organizations.

Start with the easier ones

Here are the first three questions that I expect board members to ask me whenever they get a chance:

  • What are the key threats against your top assets?
  • How do you protect your assets from cybersecurity threats?
  • Whose responsibility is it to implement protections?

Questions that help CISOs and boards have each other’s back

Chief Information Security Officer

Tags: CISO, CISO implementation guide, Fractional CISO, vCISO

May 28 2021

The evolution of the modern CISO

Category: CISO,vCISODISC @ 2:17 pm

The modern CISO

The role of CISO first emerged as organizations embraced digital revolutions and began relying on new data streams to help inform business decisions. As technology continued to advance and became more complex, so too did threat actors who saw new opportunities to disrupt businesses, by stealing or holding that data hostage for ransom.

As the years have gone by and cyberattacks have become more sophisticated, the role of the CISO has had to advance. The CISO has evolved from being the steward of data to also being a guardian for availability with the emergence of more destructive and disruptive attacks. The CISO also must be highly adaptable and serve as the connective tissue between security, privacy and ultimately, consumer trust.

The changing threat landscape

Previous blogs on CISO & vCISO

Virtual CISO - Virtual Chief Information Security Officer (vCISO)

Related latest CISO and vCISO titles

Tags: CISO, Fractional CISO, vCISO