CISOs are bombarded with pitches from security product vendors, that all sound the same “We give the CISO visibility“. They tout their dashboards, each claiming to offer the most comprehensive, in-depth view of the security landscape, send alerts to the SIEM or give you various reports. But here’s the truth: visibility without actionability is just noise. The problem with...
Visibility without action is just noise
Cyber Security Hierarchy of Needs
“What does a Cyber Security Practice Model should look like?”, I’ve been asked that question many times over the years, and with the lack of standard in this field, I had and also heard different answers. Ultimately, I was looking for a simple model where the building blocks of a security practice can be understood even by those who are not experts in the filed. The model I came...
Why Generalists Triumph in a Specialized World
Recently I finished reading the book Range: Why Generalists Triumph in a Specialized World by David Epstein, which I find not only interesting but very relevant to Cybersecurity. Our world is becoming increasingly specialized, and it’s easy to believe that the key to success is to focus on one thing and become an expert. This is especially true in Cybersecurity where over the years I had...
Vendors, Stop shooting yourselves in the foot
CISOs talk to each other, a lot!!! even on weekends, and when something is going on the word is getting our fast. We also rely on each other professionally and mentally, and some time even emotionally. A few weeks ago, in a conversation with other CISO friends. I expressed my frustration about a sales tactic a Business Development Representative (BDR) tried to use on me, and boy the flood gates...
Which security game are you playing?
A few years ago I watched Simon Sinek excellent talk “Most Leaders Don’t Even know the game they are in” and it changed completely how I am thinking about practicing cybersecurity. In his talk, Sinek presented the concept of finite vs. infinite games, and how this concept applies to leadership. Finite game vs. infinite game A finite game as a game with known players, fixed...
Interviewing for a CISO role – Part 2
In the previous post (Part 1), we explored some business questions you, the prospective CISO, should ask to truly grasp the organization’s landscape and set yourself up for success. In this part we will focus on questions about the position itself. This is important because the previous questions were understanding the company’s DNA, and gain understanding if the organization and its culture are...
Interviewing for a CISO role – Part 1
Landing a CISO interview is thrilling, especially for newcomers! But be prepared for a marathon. These interviews can involve multiple rounds with numerous participants, particularly if it’s the organization’s first CISO hire. The most I ever had was 19 people who interviewed me. Yes, you read it right! So why does it take so long? because many times organizations don’t really...
Essential Skills for a Thriving CISO: The modern Renaissance man
Cybersecurity isn't just a cost anymore, it's a strategic advantage. That's why CISOs have gone from behind-the-scenes techies to boardroom influencers. The CISO is a Renaissance figure of the digital age - blending tech mastery, strategic foresight, and human touch. This path is demanding, but for those who answer, the triumphs are equally profound.
4 Ways to Stop Self-Sabotage
Do you ever feel like you’re your own worst critic? You set goals, make plans, and then suddenly find yourself veering off course, tripped up by negative thoughts and self-doubt. Welcome to the club! I recently listened to Dr. Judy Ho excellent audiobook: 4 ways to stop self sabotage. It is a short 30 minuted audiobook and has great tips and strategies. Self-sabotage is a surprisingly...
So, you want to be a CISO
Ever dreamt of becoming a CISO? Before grabbing the reins, consider the motivations. Titles and fat checks are tempting, but the reality is demanding, stressful, and requires more than tech mastery. The right reasons? Leadership, protecting critical assets, building high-performing teams, and shaping a security-aware culture. The best part? Collaborating with an amazing security community. But...