Cybersecurity Insights with Contrast CISO David Lindner | 8/19

Insight #1

“The National Defense Authorization Act for Fiscal Year 2023 was recently passed by the US House. This bill has a provision requiring any software purchased by the Department of Defense to be free of all known CVEs. The age of SBOM is here, and even if you are not selling directly to the DoD this sort of requirement will make its way into the private sector.”
 

Insight #2

“The CISO role has been evolving for the past 20+ years. Every organization small and large now has CISOs or in a lot of cases multiple CISOs or BISOs. What has never been solidified is the reporting structure for CISOs; it is all over the place as seen by numerous research studies. However, a recent study shows that 88% of boards of directors see cyber security as a fundamental risk for business operations. It’s time CISOs report directly to the board.”
 

Insight #3

“I read a cyber security operations analyst job description this past week that included 30 job requirements and responsibilities, required multiple certifications, required at least 3 years of experience and a college degree. The feasibility and likelihood of success of one person to be responsible for 30 different things are zero. Go fix your job descriptions and hyper-focus your teams.”

 

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.

*** This is a Security Bloggers Network syndicated blog from AppSec Observer authored by David Lindner, Director, Application Security. Read the original post at: https://www.contrastsecurity.com/security-influencers/cybersecurity-insights-with-contrast-ciso-david-lindner-8/19