CISO's perspective from the frontlines
Have you ever wondered why many security strategies look more like a BINGO card than actual strategy? Organizations are still rarely proactive about cyber security. Usually something triggers organizations’ decision to invest in cyber security, whether they suffered a breach, they are required to do so by some regulations, their clients demanding it, or they decide to IPO, just to name a...
Once upon a time in a company far far away Several years ago, in a different organization, my team and I successfully implemented a Vulnerability Management program. It was a massive undertaking, taking over a year to complete and sizable budget. Our goal was to continuously scan over 100,000 devices and automate the reporting of findings to relevant teams. The project went beyond reporting by...
Discovery of security issues is important, but ultimately we need to remediate them. So why do so many solutions seem to stop short?
In this episode of Defense in Depth, I joined as a guest co-host to David Spark (@dspark), the producer of CISO Series, and our guest, Neil Watkins, SVP technology and cybersecurity services, i3 Verticals.
Trust is the bedrock of any successful and healthy relationships. In organizations, it fosters collaboration, empowers team members, strengthens decision-making, and inspires confidence in leadership. Building trust takes time and consistent effort, but the rewards are a culture of transparency, accountability, and a workforce that is both motivated and secure. Therefore it is critical for CISOs...
In this episode of CISO Series, Cyber Security Headlines, I am reviewing this week’s cyber security headlines and stories with Richard Stroffolino. We talked about: Vulnerability in Apple’s Silicon M-series chips can’t be patched APT31 uses family members to surveil targets MFA bombing attacks target Apple users Think tank calls for US military cyber service Google recommends scam sites Spyware...
CISOs are bombarded with pitches from security product vendors, that all sound the same “We give the CISO visibility“. They tout their dashboards, each claiming to offer the most comprehensive, in-depth view of the security landscape, send alerts to the SIEM or give you various reports. But here’s the truth: visibility without actionability is just noise. The problem with...
“What does a Cyber Security Practice Model should look like?”, I’ve been asked that question many times over the years, and with the lack of standard in this field, I had and also heard different answers. Ultimately, I was looking for a simple model where the building blocks of a security practice can be understood even by those who are not experts in the filed. The model I came...
Recently I finished reading the book Range: Why Generalists Triumph in a Specialized World by David Epstein, which I find not only interesting but very relevant to Cybersecurity. Our world is becoming increasingly specialized, and it’s easy to believe that the key to success is to focus on one thing and become an expert. This is especially true in Cybersecurity where over the years I had...
CISOs talk to each other, a lot!!! even on weekends, and when something is going on the word is getting our fast. We also rely on each other professionally and mentally, and some time even emotionally. A few weeks ago, in a conversation with other CISO friends. I expressed my frustration about a sales tactic a Business Development Representative (BDR) tried to use on me, and boy the flood gates...
A few years ago I watched Simon Sinek excellent talk “Most Leaders Don’t Even know the game they are in” and it changed completely how I am thinking about practicing cybersecurity. In his talk, Sinek presented the concept of finite vs. infinite games, and how this concept applies to leadership. Finite game vs. infinite game A finite game as a game with known players, fixed...
CISO's perspective from the frontlines