Posts

  • Navigating The First 90-180 Days In A New CISO Role

    Late one Friday afternoon a call comes in and you find out you landed your next CISO role. All the interview prep, research, networking and public speaking has paid off! Then it dawns on you that you could be walking into a very difficult situation over the next few months. Even though the interview answered

  • Build A Proactive Security Program By Focusing On The Fundamentals

    A common topic at security conferences, CISO dinners and networking events is: “how are you preparing your program for a new and upcoming regulation?” For CISOs, this conversation is a way to exchange ideas, gather information and compare programs. Unfortunately, CISOs often express feeling underprepared for the upcoming shift in the regulatory landscape causing them

  • Is Agile and DevOps Holding Back Your Security Program?

    There are a variety of development models you can run into as a CISO. If you are in the defense or government sector your engineering teams will probably use something like waterfall. However, if your company produces software products or services then most likely your organization uses Agile or SAFe and DevOps as the core

  • Should Security Be An Approver For IT and Business Requests?

    Over the course of my career I have consistently seen security in the approval chain for various IT operations and business requests, such as identity, network and even customer contracts. Having security in the approval chain may seem logical at first glance, but it can actually mask or exacerbate underlying operations issues. Having a second

  • Following SnowFlake, Cloud Providers Need To Shift To Secure By Default

    In May 2024, SnowFlake experienced a data breach as a result of exposed credentials that allowed a threat actor to access customer accounts that weren’t secured with MFA. The fallout from this data breach ultimately impacted large SnowFlake customers like Ticketmaster, AutoZone, Santander Bank and AT&T. Following the announcement of the breach, SnowFlake implemented refined

  • Navigating The CISO Job Market

    I had an interesting conversation with a friend over coffee last week and we were discussing how weird the CISO job market is right now. Even though the unemployment rates are favorable, the tech sector has actually seen slightly negative employment growth rates, which is not normal. This is largely due to a hangover effect