Select Page

Articles

Ransomware: When Policy Matters Most

Ransomware: When Policy Matters Most

Most CISOs divide their approach to cyber defense into three pillars: people, technology, and processes. These pillars define a cybersecurity program’s defensive architecture and arsenal, available assets, and policies and procedures that together inform...

Selling to a CISO? Practice Empathy, Not Salesmanship

Selling to a CISO? Practice Empathy, Not Salesmanship

The cyber security marketplace is hot. Ask any candidate for a cybersecurity role. Better yet, ask any supplier to CISOs. The supplier audience is especially vast, and it’s continuing to grow. Just three years ago, there were estimated to be less than 2,000...

Good Enough Isn’t Good Enough Anymore

Good Enough Isn’t Good Enough Anymore

The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability.  In light of these increasing challenges, our cyber defenses...

The Dark at the Top of the Stairs

The Dark at the Top of the Stairs

Let’s say you need to apply a critical patch across the organization, and the patch requires a reboot. While forcing a reboot to apply a critical patch is important, it creates business disruption that ripples out to your customers. Sooner or later, someone in the...

Effective Board Communication for CISOs

Effective Board Communication for CISOs

Know Your Board If you’re a CISO, your Board generally knows who you are and what you do. But do you know who they are? No Board is monolithic. Each Board member brings unique value to the Board. Each is selected for what they add to the Board’s perspective, vision,...

CISO Interviews and Panels

Want to Be a CISO? Know This First.

Want to Be a CISO? Know This First.

“Trust but verify” is a mantra CISOs have traditionally applied to IT security but are now embracing when vetting technologies and technology vendors. Confined by tight budgets and an aversion to shelfware, CISOs need to be extremely confident in their technology investments. Ultimately, referrals, not flashy demos, matter. So for technology vendors looking to sell to CISOs, make sure your current customers love your product before selling it to anyone else.

Alan Levine Answers Your NIST CSF Questions

Alan Levine Answers Your NIST CSF Questions

Alan Levine, cybersecurity advisor and recently retired CISO for Alcoa, recently presented “True North: A Path to NIST Cybersecurity Framework Success.” Alan’s presentation generated lots of great questions, which he graciously answered below. If you missed his presentation or would like to watch it again, you can view it below.

Instead of Asking a CISO ‘What Keeps You Up at Night,’ Ask This

Instead of Asking a CISO ‘What Keeps You Up at Night,’ Ask This

a CISO has never been asked “what keeps you up at night,” either no one knows he’s a CISO or everyone knows he’s a lousy CISO and doesn’t bother asking. Ideally, a CISO has the right programs, processes, and people in place so that he can sleep at night. This is every CISO’s goal. Once the fundamentals have been addressed and everyone in the organization knows what to do, how to do it, and when to do it, the CISO can prepare for tomorrow rather than worry about today. Then the pressing question asked of CISOs becomes not “what keeps you up at night,” but instead “what gets you out of bed every morning.” This new question represents a new mindset.

Share This