CISO's perspective from the frontlines
My blog posts on Cybersecurity, Life as a CISO, Positivity, Leadership, Strategy, Mentorship, Security ventures and advisory
Have you ever wondered why many security strategies look more like a BINGO card than actual strategy? Organizations are still rarely proactive about cyber security. Usually something triggers organizations’ decision to invest in cyber security, whether they suffered a breach, they are required to do so by some regulations, their clients demanding it, or they decide to IPO, just to name a...
Once upon a time in a company far far away Several years ago, in a different organization, my team and I successfully implemented a Vulnerability Management program. It was a massive undertaking, taking over a year to complete and sizable budget. Our goal was to continuously scan over 100,000 devices and automate the reporting of findings to relevant teams. The project went beyond reporting by...
Trust is the bedrock of any successful and healthy relationships. In organizations, it fosters collaboration, empowers team members, strengthens decision-making, and inspires confidence in leadership. Building trust takes time and consistent effort, but the rewards are a culture of transparency, accountability, and a workforce that is both motivated and secure. Therefore it is critical for CISOs...
CISOs are bombarded with pitches from security product vendors, that all sound the same “We give the CISO visibility“. They tout their dashboards, each claiming to offer the most comprehensive, in-depth view of the security landscape, send alerts to the SIEM or give you various reports. But here’s the truth: visibility without actionability is just noise. The problem with...
“What does a Cyber Security Practice Model should look like?”, I’ve been asked that question many times over the years, and with the lack of standard in this field, I had and also heard different answers. Ultimately, I was looking for a simple model where the building blocks of a security practice can be understood even by those who are not experts in the filed. The model I came...
Recently I finished reading the book Range: Why Generalists Triumph in a Specialized World by David Epstein, which I find not only interesting but very relevant to Cybersecurity. Our world is becoming increasingly specialized, and it’s easy to believe that the key to success is to focus on one thing and become an expert. This is especially true in Cybersecurity where over the years I had...
CISOs talk to each other, a lot!!! even on weekends, and when something is going on the word is getting our fast. We also rely on each other professionally and mentally, and some time even emotionally. A few weeks ago, in a conversation with other CISO friends. I expressed my frustration about a sales tactic a Business Development Representative (BDR) tried to use on me, and boy the flood gates...
A few years ago I watched Simon Sinek excellent talk “Most Leaders Don’t Even know the game they are in” and it changed completely how I am thinking about practicing cybersecurity. In his talk, Sinek presented the concept of finite vs. infinite games, and how this concept applies to leadership. Finite game vs. infinite game A finite game as a game with known players, fixed...
In the previous post (Part 1), we explored some business questions you, the prospective CISO, should ask to truly grasp the organization’s landscape and set yourself up for success. In this part we will focus on questions about the position itself. This is important because the previous questions were understanding the company’s DNA, and gain understanding if the organization and its culture are...
Landing a CISO interview is thrilling, especially for newcomers! But be prepared for a marathon. These interviews can involve multiple rounds with numerous participants, particularly if it’s the organization’s first CISO hire. The most I ever had was 19 people who interviewed me. Yes, you read it right! So why does it take so long? because many times organizations don’t really...
CISO's perspective from the frontlines