Preparation was the A-Team’s key to success. Is it any different for a CISO? You know the old saying: when you fail to plan, you plan to fail. This applies to tough guys ambushing bad guys or CISOs protecting an organization’s intellectual property.
CISO Interviews
Alan Levine Answers Your NIST CSF Questions
Alan Levine, cybersecurity advisor and recently retired CISO for Alcoa, recently presented “True North: A Path to NIST Cybersecurity Framework Success.” Alan’s presentation generated lots of great questions, which he graciously answered below. If you missed his presentation or would like to watch it again, you can view it below.
Do CISOs Have Hoop Dreams When Talking to Their Teams?
The best CISOs are expert communicators. They articulate their strategy efficiently and effectively, and they tailor it for each stakeholder audience. In this regard a CISO is a lot like a professional basketball coach. A basketball coach communicates differently to players, coaches and owners. With players, the coach communicates the importance of fundamentals and preparation for the next game.
The Secret to CISO Success? Be Offensive.
Just about anyone who engages in some form of competition knows the best defense is a good offense. When an opponent moves or strikes first, he is in control and therefore possesses a strategic advantage. Modern CISOs have adopted this approach but it represents a shift in thinking. Cybersecurity originated as a defensive action. CISOs focused on repelling attacks and preventing data from unauthorized access.
Instead of Asking a CISO ‘What Keeps You Up at Night,’ Ask This
a CISO has never been asked “what keeps you up at night,” either no one knows he’s a CISO or everyone knows he’s a lousy CISO and doesn’t bother asking. Ideally, a CISO has the right programs, processes, and people in place so that he can sleep at night. This is every CISO’s goal. Once the fundamentals have been addressed and everyone in the organization knows what to do, how to do it, and when to do it, the CISO can prepare for tomorrow rather than worry about today. Then the pressing question asked of CISOs becomes not “what keeps you up at night,” but instead “what gets you out of bed every morning.” This new question represents a new mindset.
Want to Beat COVID-19? Consult a CISO
To paraphrase the military mastermind Sun Tzu, you must know your enemy before you can defeat him. Infectious disease experts around the world look to do the same with the coronavirus. To contain a viral outbreak, scientists must identify the virus’ origin and track its spread. Once located, scientists study the virus’ behavior and develop a containment plan. CISOs work the same way. At the first sign of malware or another virus, CISOs analyze metadata and user behavior to locate the malicious file or code. Security teams learn how the virus got in and how it spread. All impacted systems, applications, and endpoints must be quarantined. To beat an enemy, you must know how the enemy operates, regardless of whether the fight takes place in the natural world, a corporate network, or on the battlefield.
You May Never Become a CISO Unless You Learn This Vital Skill
There’s much more to the CISO role than technology expertise. For some CISO roles, technology expertise is just the price of admission. For others, technology expertise is viewed as a limitation and therefore relegated to direct reports. There is vast ecosystem of cybersecurity solutions and it’s possible (although not practical) to build a defense so impermeable that nothing bad gets in and nothing sensitive leaks out. While that may seem ideal, the business cannot function under these extremes.
To Reach the Top, Do This Extremely Well
For CISOs who desire the proverbial seat at the table, they must do more than protect the business. They must intimately know the business; how it functions, what are its competitive advantages, and, of course, where are the inherent risks. As a CISO, do you know who your internal and external customers are?
Modern CISOs Don’t Say This Word Anymore
When it’s your job to limit risk, it’s understandable to be wary of anything new. It’s much easier to stick to the formula because it’s safe and predictable. In a competitive business environment, however, the company that avoids innovation falls behind. Nevertheless if a company adopts a new technology solution with no consideration given to protecting customer information or intellectual property, a data breach is inevitable.
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.
Sponsored Content
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.