Tuesday, April 29, 2014

How Do You Spell CISO? - What's a CISO Do? part 2

   A while back I started a new job as a CISO.  It's the second time I've held that title at an organization.  What's interesting about that is that both times it was a new position to the organization.  I wrote about my initial thoughts and plans in a post here.  I expanded upon those ideas in a follow-up post here.  This post will round out this series.  They will also serve as the "outline" of a talk I'll be doing at Secure360 this year.

   For those of you who are not familiar with Secure360, it's THE Upper Midwest US security conference.  There's still time to register, so come on out and enjoy!

   There are many demands on the CISO.  But part of the art of the position is to juggle the more granular tasks with overall priorities while trying to be strategic.

Friday, April 11, 2014

Heartbleedbreaker

   Well, I had no intention of talking about this topic!  But there is so much confusion and misinformation out there.  And the mainstream media is really having a field day.

   So I'm jumping in with some facts, a few opinions, and some action steps that you should be taking now.

   First we'll look at the consumer/user side of things.  Then the organization side.  Finally, I'll talk a bit more about what this is and what this isn't.

   If you use the Internet and enter any personal or financial information on any website, then you might be affected by this issue. To find out, follow these steps:

Tuesday, April 1, 2014

What's a CISO Do?

   A while back I started a new job as a CISO.  It's the second time I've held that title at an organization.  What's interesting about that is that both times it was a new position to the organization.  I wrote about my initial thoughts and plans in a post here.  That was before I started the job!  I've been meaning to follow up on that post, both to provide more insight and list next steps.

   In this post I'll dive a bit into the execution of the plans I originally discussed.  In another post I'll get into what came next, including the weightier topics of strategic and tactical plans.

   And yes, I know it's April 1st, but I'm keepin' it real!

   For my first 90 days on the job I tried to keep focus toward three key accomplishments:
  • Learn the business;
  • Start to establish a Culture of Security; and
  • Baseline the environment.
   Let's talk a bit about each of these areas.