As the business world navigates the ups and downs of today’s economy, a mindset shift is required to maintain cyber resilience. Cybersecurity, often an afterthought in a strong economy, must not be neglected in responding to shifts in the business landscape. As more companies expand their remote workforce, the number of endpoints with access to corpora

As organizations prepare for the remainder of 2020, cybersecurity leaders can use this opportunity to review their communication style and improve how they share key messages across the organization. Taking time to refine business communication can help those in security and technical leadership roles heighten the effectiveness of their messaging and ensure

In a previous blog post, I covered some of the challenges encountered by security operations centers (SOCs) and how leveraging artificial intelligence (AI) can help alleviate these challenges, including the cybersecurity skills shortage, unaddressed security risks and long dwell times. According to ISACA’s State of Cybersecurity Report, 78 percent of r

Organizations today have to balance the need for continuous evolution along the digital continuum with the need to protect their data and operations and keep cyber risk at an acceptable level. The chief information security officer (CISO) role is uniquely positioned to help organizations manage those dualities, but it requires a different set of leadership q

Historically speaking, having a plan of attack has gotten a bad rap. Helmuth von Moltke the Elder, who famously said, “No plan survives contact with the enemy,” shared that sentiment with a predecessor in war, Napoleon Bonaparte, who said, “I never had a plan of operations.” Eisenhower warmed up to planning a bit: “In preparing

Presentation on building effective SOCs (as given at InfoSec Europe 2019 on the interactive workshop track). Simon Crocker, Cisco’s EMEAR lead for SOC Advisory looks at what goes into making a SOC work effectively. This talk discusses the core SOC requirements around monitoring and incident response function, but also touches on some of the other serv

Presentation on Zero Trust and the importance of identity in breach response and recovery (as given at InfoSec Europe 2019 on the tech talk track). Richard Dean, Cisco’s EMEAR Head Of Security Advisory Services looks at Cisco’s approach to zero trust. This talk discusses the need to monitoring your users’ access and privileges and how securing t

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security consultancy

Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.” As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strateg

Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly. Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not

One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install l

When I think about my family vacations from childhood, I remember camping trips, hours on the beach, sharing stories around the campfire and the fun my siblings and I used to have in the back seat of the car — jumping on each other, switching seats and hopping from the third row into the front seat. Half the fun was enabled by the fact that we had no seat be

Sept. 19 is National IT Professionals Day, which got off the ground two years ago as a way to recognize and celebrate all the work, worry and downright wacky things that happen to IT professionals. For chief information security officers (CISOs), the event offers a chance to step back, take a hard look at teams and give credit where credit is due. With the i

Board directors have very little patience for technical jargon. Given the tremendous pressure executives are under to avoid headline-grabbing data breaches, CISO reports should align enterprise risks with their potential impacts on business objectives in terms that nontechnical board members can easily understand. An EY report titled “The Evolving Role

CISOs have a difficult path to success because their area of expertise is highly technical and one that few care to understand on a deep level. The success of today’s IT security leaders depends on their thought leadership and ability to present a continuous flow of understandable and interesting information that informs colleagues without jargon or fe