Sept. 19 is National IT Professionals Day, which got off the ground two years ago as a way to recognize and celebrate all the work, worry and downright wacky things that happen to IT professionals. For chief information security officers (CISOs), the event offers a chance to step back, take a hard look at teams and give credit where credit is due. With the i

Board directors have very little patience for technical jargon. Given the tremendous pressure executives are under to avoid headline-grabbing data breaches, CISO reports should align enterprise risks with their potential impacts on business objectives in terms that nontechnical board members can easily understand. An EY report titled “The Evolving Role

CISOs have a difficult path to success because their area of expertise is highly technical and one that few care to understand on a deep level. The success of today’s IT security leaders depends on their thought leadership and ability to present a continuous flow of understandable and interesting information that informs colleagues without jargon or fe

Security weaknesses often start at the top of organizations. According to Code42’s “CTRL-Z Study 2017,” 75 percent of CEOs and more than half of other top executives admitted that they use applications that are not approved by their IT department. This could be due to lack of engagement between the security team and the C-suite, management&

A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having accurate

How would your organization’s leadership fare in its response to a full-on data breach? Regular and ongoing training can improve top leaders’ ability to respond to a cybersecurity breach and avoid doing additional damage to the reputation of the company as they deal with the repercussions. Organizations simply cannot afford to be lax about their

Given today’s unrelenting threat landscape, the chief information security officer (CISO) and his or her deputy CISO have arguably the toughest jobs on the organizational chart. Although it is a well-paid, respectable role, the CISO must be available to many different departments and remain savvy in all areas of cybersecurity due to the current IT ski

The recent WannaCry ransomware infections demonstrate an immediately known threat, but what about attacks that aren’t immediately identifiable and require deeper malware analysis? Imagine this scenario: A chief executive officer (CEO) and a chief information officer (CIO) sit and listen in disbelief as they hear that their company was attacked four mon

Is there an oversupply of chief information security officers (CISOs) in the cybersecurity job market? According to an Indeed report, the answer is yes — but the study’s statistics don’t tell the whole story. The economists behind the study found that employee interest in the CISO job market in the U.S. is more than double the actual demand for t

For many, the most common reporting structure in today’s business environment is overly complicated. The majority of security leaders around the world report directly to the chief information officer (CIO), which can cause an enormous amount of conflict. That reporting structure, however, is slowly changing for some companies. In those organizations,

The chief information security officer (CISO) position is among the most difficult roles to fill because the pool of qualified applicants is small and the job market is highly competitive. That’s why career succession planning is important for the enterprise and its staff. Six Keys to Successful Succession Planning Incumbent CISOs need to devote atte

The scope and sophistication of cybercrime continues to grow, with the Dark Web marketplace evolving to provide an ecosystem and even a language designed for the needs of organized crime and other bad actors. In the face of this challenge, enterprises are still too reactive in their cybersecurity practices. This remains the case even though almost everyone u

The role of the chief information security officer (CISO) must continually evolve just as businesses do. The next-generation security leader has to grasp the various demands of the board, and communicate security risks and strategies in terms directors can understand. To protect the organization’s assets from the ever-changing threat landscape, this l

Security professionals are never at a loss for words when it comes to security practices across the enterprise. Users keep on creating the same old weak passwords, clicking dodgy links and opening suspicious attachments. Developers, in a rush to agility, often leave security as an afterthought. Meanwhile, the C-suite frets about potential breaches but doesn

When it is time to talk to your senior management about information security, what is the most effective way to do so? That question was recently posed on this LinkedIn forum of IT security managers. The answers were thoughtful and varied, and can serve as good examples for your own strategy. Discussing Security in Business Terms One of the first comments