CISO Suite

5 Essential Duties CISOs Dread

CISOs are highly paid and short-lived in their positions for a reason. It’s a relentlessly difficult job to do well, requiring a unique mix of skills to pull it off successfully. Great CISOs need to have the technical chops to know whether their team is effectively managing infrastructure and to keep abreast of cyberthreats...

What is the State of Your Union?

Regularly the President of the United States delivers the State of the Union address. This practice "fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the 'state of the union' and recommend any measures that he believes are necessary and expedient." What if you as an information security leader held an...


Security Boulevard Chats: Bond, Jane Bond w/ Chenxi Wang, Jane Bond Project

In this Security Boulevard Chat we speak with well-known security expert Chenxi Wang. Chenxi has started her own security consulting organization called the Jane Bond Project. Chenxi has a ton of experience as a security practitioner, vendor and analyst. She is also a champion for diversity in our industry! Below is the...


Global Cybersecurity Standards … Another Plea

“The Editor’s Letter,” in the May 2017 issue of the Communications of the ACM (CACM) by Moshe Y Vardi is about “Cyber Insecurity and Cyber Libertarianism.” The column is available at https://cacm.acm.org/magazines/2017/5/216316-cyber-insecurity-and-cyber-libertarianism/fulltext#. Vardi’s column recognizes the deficiencies in cybersecurity that I’ve...


“Cyber” Is Not an Appropriate Risk Category

“Cyber” is not an appropriate category of risk. Often cited in 10-K reports, discussed by board directors and C-suite executives, and referenced by Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) professionals, the category merely perpetuates ambiguity and lack of understanding related to all things “cyber.” Because of this (and other reasons, of...


Cybersecurity Risk Model … Implicit or Explicit Consensus?

Whenever you engage with an online vendor or service, you must first click on the “Agree” button to indicate that you will honor the stated terms and conditions mandated by the site owner. Most individuals click the “Agree” button without thinking, knowing that activating the “Don’t Agree” button will result in your not being able...


Countdown List: 5 Tips to get the Most from Your Penetration Testers

All CISOs know at least one story of a penetration test that went wrong. And many of them can share stories of penetration tests that went deeply wrong. For this reason, it is a worthwhile exercise to take account of best practices in managing such engagements. This is important for modern enterprise security teams given …
