Organizations today have to balance the need for continuous evolution along the digital continuum with the need to protect their data and operations and keep cyber risk at an acceptable level. The chief information security officer (CISO) role is uniquely positioned to help organizations manage those dualities, but it requires a different set of leadership q

Historically speaking, having a plan of attack has gotten a bad rap. Helmuth von Moltke the Elder, who famously said, “No plan survives contact with the enemy,” shared that sentiment with a predecessor in war, Napoleon Bonaparte, who said, “I never had a plan of operations.” Eisenhower warmed up to planning a bit: “In preparing

Presentation on building effective SOCs (as given at InfoSec Europe 2019 on the interactive workshop track). Simon Crocker, Cisco’s EMEAR lead for SOC Advisory looks at what goes into making a SOC work effectively. This talk discusses the core SOC requirements around monitoring and incident response function, but also touches on some of the other serv

Presentation on Zero Trust and the importance of identity in breach response and recovery (as given at InfoSec Europe 2019 on the tech talk track). Richard Dean, Cisco’s EMEAR Head Of Security Advisory Services looks at Cisco’s approach to zero trust. This talk discusses the need to monitoring your users’ access and privileges and how securing t

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security consultancy

Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.” As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strateg

Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly. Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not

One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install l

When I think about my family vacations from childhood, I remember camping trips, hours on the beach, sharing stories around the campfire and the fun my siblings and I used to have in the back seat of the car — jumping on each other, switching seats and hopping from the third row into the front seat. Half the fun was enabled by the fact that we had no seat be

Sept. 19 is National IT Professionals Day, which got off the ground two years ago as a way to recognize and celebrate all the work, worry and downright wacky things that happen to IT professionals. For chief information security officers (CISOs), the event offers a chance to step back, take a hard look at teams and give credit where credit is due. With the i

Board directors have very little patience for technical jargon. Given the tremendous pressure executives are under to avoid headline-grabbing data breaches, CISO reports should align enterprise risks with their potential impacts on business objectives in terms that nontechnical board members can easily understand. An EY report titled “The Evolving Role

CISOs have a difficult path to success because their area of expertise is highly technical and one that few care to understand on a deep level. The success of today’s IT security leaders depends on their thought leadership and ability to present a continuous flow of understandable and interesting information that informs colleagues without jargon or fe

Security weaknesses often start at the top of organizations. According to Code42’s “CTRL-Z Study 2017,” 75 percent of CEOs and more than half of other top executives admitted that they use applications that are not approved by their IT department. This could be due to lack of engagement between the security team and the C-suite, management&

A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having accurate

How would your organization’s leadership fare in its response to a full-on data breach? Regular and ongoing training can improve top leaders’ ability to respond to a cybersecurity breach and avoid doing additional damage to the reputation of the company as they deal with the repercussions. Organizations simply cannot afford to be lax about their