Disrupting Advanced Persistent Threats

The Cybercrime Revolution

Introducing CISO Blogs

This Is How All CISOs Should Build a Business Case

 

CISO Perspectives

Information Sharing: What to Share, With Whom, & How

There’s more to information sharing than calling the Feds. You also need to inform your partners in the event of a cybersecurity incident, not just third parties but fourth and fifth parties, too. You need to consider what information to share and how to share it. If your Microsoft Exchange server was exploited, for example, information sharing via email is far from advisable. Information sharing can be especially difficult for smaller organizations who may not have processes behind information sharing. All organizations must establish processes that include information sharing and also demonstrate the value of it to their employees.

What Cyber Resiliency and Broadway Have in Common

“The show must go on” is not just a famous Queen song or a mantra in showbiz. Whether your network suffers a failed software update, a big storm cuts off your supply chain, or you have a major breach, you must do everything you can to keep the business running. In other words, your organization must be resilient. One aspect of cyber resilience is establishing a business continuity and disaster recovery plan. Perhaps the most important aspect of resiliency, however, is the resiliency of your team. It’s important to keep in mind the impact a major incident can have on your employees, especially in a post-pandemic world.

Add This to Your IR Plan Before It’s Too Late

As the Scout motto states: Be prepared. Whether you’re camping in the woods, training for the Olympics, or practicing for a cyber incident, preparation is essential. With data security in general and incident response in particular, CISOs must ensure all members of the organization participate in monthly or quarterly table-top exercises. The traditional model – requiring employees to watch a training video once a year – is insufficient. Table-tops and incident training scenarios, while time consuming, are more than a best practice. They are essential for proper incident response preparedness.

A Conversation with Morgan Wright

Morgan Wright, Chief Security Advisor at SentinelOne, is an internationally recognized cybersecurity strategy, cyberterrorism, identity theft and privacy expert. Previously, Morgan was a Senior Advisor in the US State Department Antiterrorism Assistance Program and Senior Law Enforcement Advisor for the 2012 Republican National Convention. His landmark testimony before Congress on Healthcare.gov changed how the Government collects PII and PHI. Morgan is also co-host of Game of Crimes, a long form true crime podcast.

Why CISOs Should Just Say “No” to Legacy Software

Too often organizations play roulette with their legacy systems, which is fine until it’s not. If organizations can’t kick their legacy software habit, they had better be prepared to protect it. CISOs will inevitably need more budget to maintain the software and protect the data within it, which may ultimately cost more than the more current version. Given the higher risks and costs, CISOs should just say “no” to legacy software.

Women in Cyber

A Conversation with Anne Marie Zettlemoyer

Anne Marie Zettlemoyer is the Vice President of Security Engineering and Divisional Security Officer at Mastercard. She is a cyber strategist with over 20 years of experience and has served as a trusted advisor for Fortune 500 companies, government agencies, law enforcement and security vendors. Anne Marie holds an MBA from the University of Michigan and BAs in Accounting and Finance.

In this spirited interview, Anne Marie equates her cyber career path to a pretzel and tells an inspiring story about the importance of showing up. She also highlights two things vendors need to improve on, discusses the initiatives at Mastercard to stop cyber criminals, and shares the one quality you need if you want to make it in cybersecurity.

A Conversation with Katie Arrington

In this interview, Ms. Arrington shares her view from the Pentagon of the pandemic and how the experience mirrors the terrorist attacks on 9/11. She also shares an interesting story about how she got her start in cybersecurity, how FaceTime, telehealth and food delivery apps have become essential services during COVID, and the surprising individuals who inspire her the most.

CISO BLOGS

Measuring a Cyber Awareness Culture

Until recently, cyber awareness metrics have been treated by many as a tick-box exercise driven by regulations. The regulator requires x number of hours of cyber awareness training per employee per year, and once that is done, the organisation ticks a box and waits...

Good Enough Isn’t Good Enough Anymore

The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability. In light of these increasing challenges, our cyber defenses...

Stagehand: Episode 3

Cyprus ~ 2006 Ali Hassan was a low-level operative in Hezbollah, but we had it on solid authority that he knew where three high-level leaders of the terrorist organization were hiding. Keith arrived fifty-seven hours into Hassan’s interrogation and by the looks of it,...


CISO Sillies

Can You Hear Me Now?

Since the global pandemic chased everyone indoors, Zoom web meetings have become the new normal. We will figure this out. Eventually.

Beware The CISO’s Wrath

CISOs have a lot of patience. Patience, however, is a virtue that can be tested from time to time. As the old saying goes, if you’re not a part of the solution…