Posts

  • Chief Incident Scapegoat Officer (CISO)?

    Chief Incident Scapegoat Officer (CISO)?

    Last week the SEC filed a complaint in the Southern District of New York charging SolarWinds and specifically its CISO, Timothy Brown, with fraud. According to the compliant, the SEC alleges the company and Brown made false statements about its security posture to investors. Along with the Uber CISO, Joseph Sullivan, this is the second Read more

  • Exploring The Advantages and Disadvantages of Centralized vs. Decentralized Teams

    Exploring The Advantages and Disadvantages of Centralized vs. Decentralized Teams

    This blog post is part of the Compliance Corner Series developed in partnership with Milan Patel. This series includes a variety of discussion topics around the intersection of security and compliance. The series includes blog posts, live web streams (with Q&A) and podcasts. What is more effective – A decentralized or centralized security and compliance team? What are the factors you Read more

  • What Causes CISO Burnout?

    What Causes CISO Burnout?

    Burnout isn’t exclusive to the security industry, but it certainly seems like there is a higher incidence of burnout within security and particularly among CISOs. I have had my fair share of burnout and have tried a lot of different techniques to recover, however for this post I want to cover – What are the Read more

  • What happens post incident?

    What happens post incident?

    One of the most exciting, stressful and true tests of a CSOs ability to lead during crisis is during a security incident. Unfortunately, it is inevitable that CSOs will experience several security incidents during their tenure. This could be something as small as a configuration error, or as large as a full on public data Read more

  • Compliance Corner Series: Building A Successful Security & Compliance Program

    Compliance Corner Series: Building A Successful Security & Compliance Program

    This blog post is part of the Compliance Corner Series developed in partnership with Milan Patel. This series includes a variety of discussion topics around the intersection of security and compliance. The series includes blog posts, live web streams (with Q&A) and podcasts. What are the primary factors, considerations, and challenges that a security leader Read more

  • The Most Powerful Word A CSO Can Say Is No

    The Most Powerful Word A CSO Can Say Is No

    A Tale Of Two Extremes A few weeks ago I was sitting across the dinner table from a CIO and a CISO who were discussing how security works within their specific businesses. The CIO was complaining that the security team had unreasonable processes that slowed down his ability to deliver new technology projects within his Read more