Alan leverages a 30-year global CISO career to share best practices in cybersecurity. He is an expert in risk management, reputation risk, the regulatory environment and other responsibilities the modern CISO must juggle. Alan is currently a cybersecurity advisor and is on the faculty and advisory board of the Heinz College CISO Executive Program at Carnegie Mellon University. You can find him on LinkedIn.
Ransomware: When Policy Matters Most
Most CISOs divide their approach to cyber defense into three pillars: people, technology, and processes. These pillars define a cybersecurity program’s defensive architecture and arsenal, available assets, and policies and procedures that together inform...
Selling to a CISO? Practice Empathy, Not Salesmanship
The cybersecurity marketplace is hot. Ask any candidate for a cybersecurity role. Better yet, ask any supplier to CISOs. The supplier audience is especially vast, and it’s continuing to grow. Just three years ago, there were estimated to be fewer than 2,000...
Good Enough Isn’t Good Enough Anymore
The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability. In light of these increasing challenges, our cyber defenses...
The Dark at the Top of the Stairs
Let’s say you need to apply a critical patch across the organization, and the patch requires a reboot. While forcing a reboot to apply a critical patch is important, it creates business disruption that ripples out to your customers. Sooner or later, someone in the...
Effective Board Communication for CISOs
Know Your Board: If you’re a CISO, your Board generally knows who you are and what you do. But do you know who they are? No Board is monolithic. Each Board member brings unique value to the Board. Each is selected for what they add to the Board’s perspective, vision,...
CISO Interviews and Panels
Want to Be a CISO? Know This First.
“Trust but verify” is a mantra CISOs have traditionally applied to IT security but are now embracing when vetting technologies and technology vendors. Confined by tight budgets and an aversion to shelfware, CISOs need to be extremely confident in their technology investments. Ultimately, referrals, not flashy demos, matter. So for technology vendors looking to sell to CISOs, make sure your current customers love your product before selling it to anyone else.
Alan Levine Answers Your NIST CSF Questions
Alan Levine, cybersecurity advisor and recently retired CISO for Alcoa, recently presented “True North: A Path to NIST Cybersecurity Framework Success.” Alan’s presentation generated lots of great questions, which he graciously answered below. If you missed his presentation or would like to watch it again, you can view it below.
Instead of Asking a CISO ‘What Keeps You Up at Night,’ Ask This
If a CISO has never been asked “what keeps you up at night,” either no one knows he’s a CISO or everyone knows he’s a lousy CISO and doesn’t bother asking. Ideally, a CISO has the right programs, processes, and people in place so that he can sleep at night. This is every CISO’s goal. Once the fundamentals have been addressed and everyone in the organization knows what to do, how to do it, and when to do it, the CISO can prepare for tomorrow rather than worry about today. Then the pressing question asked of CISOs becomes not “what keeps you up at night,” but instead “what gets you out of bed every morning.” This new question represents a new mindset.
How Dirty Is Your Supply Chain?
Managing vendors, partners and suppliers can be a dirty job. What do soap and your supply chain have in common?