Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.” As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strateg

Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly. Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not

One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install l

When I think about my family vacations from childhood, I remember camping trips, hours on the beach, sharing stories around the campfire and the fun my siblings and I used to have in the back seat of the car — jumping on each other, switching seats and hopping from the third row into the front seat. Half the fun was enabled by the fact that we had no seat be

Sept. 19 is National IT Professionals Day, which got off the ground two years ago as a way to recognize and celebrate all the work, worry and downright wacky things that happen to IT professionals. For chief information security officers (CISOs), the event offers a chance to step back, take a hard look at teams and give credit where credit is due. With the i

Board directors have very little patience for technical jargon. Given the tremendous pressure executives are under to avoid headline-grabbing data breaches, CISO reports should align enterprise risks with their potential impacts on business objectives in terms that nontechnical board members can easily understand. An EY report titled “The Evolving Role

CISOs have a difficult path to success because their area of expertise is highly technical and one that few care to understand on a deep level. The success of today’s IT security leaders depends on their thought leadership and ability to present a continuous flow of understandable and interesting information that informs colleagues without jargon or fe

Security weaknesses often start at the top of organizations. According to Code42’s “CTRL-Z Study 2017,” 75 percent of CEOs and more than half of other top executives admitted that they use applications that are not approved by their IT department. This could be due to lack of engagement between the security team and the C-suite, management&

A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having accurate

How would your organization’s leadership fare in its response to a full-on data breach? Regular and ongoing training can improve top leaders’ ability to respond to a cybersecurity breach and avoid doing additional damage to the reputation of the company as they deal with the repercussions. Organizations simply cannot afford to be lax about their

Given today’s unrelenting threat landscape, the chief information security officer (CISO) and his or her deputy CISO have arguably the toughest jobs on the organizational chart. Although it is a well-paid, respectable role, the CISO must be available to many different departments and remain savvy in all areas of cybersecurity due to the current IT ski

The recent WannaCry ransomware infections demonstrate an immediately known threat, but what about attacks that aren’t immediately identifiable and require deeper malware analysis? Imagine this scenario: A chief executive officer (CEO) and a chief information officer (CIO) sit and listen in disbelief as they hear that their company was attacked four mon

Is there an oversupply of chief information security officers (CISOs) in the cybersecurity job market? According to an Indeed report, the answer is yes — but the study’s statistics don’t tell the whole story. The economists behind the study found that employee interest in the CISO job market in the U.S. is more than double the actual demand for t

For many, the most common reporting structure in today’s business environment is overly complicated. The majority of security leaders around the world report directly to the chief information officer (CIO), which can cause an enormous amount of conflict. That reporting structure, however, is slowly changing for some companies. In those organizations,

The chief information security officer (CISO) position is among the most difficult roles to fill because the pool of qualified applicants is small and the job market is highly competitive. That’s why career succession planning is important for the enterprise and its staff. Six Keys to Successful Succession Planning Incumbent CISOs need to devote atte