CISO Perspective on the RSA Security Conference

I’ve spent a good amount of time talking to CISOs over the last few months to learn about their current priorities and how their jobs are changing. Of course, many of these security executives will be attending the RSA Security Conference in a few weeks. Based upon my meetings, here’s a sample of what CISOs will be looking for in San Francisco:

Topics: Cybersecurity threat intelligence CISO SOAPA

The Proactive CISO

I’ve spent a good amount of time speaking with CISOs over the past month and plan to write up a report about what I’m learning sometime after the RSA Security Conference. In the meantime, it’s become crystal clear to me that CISOs are becoming more and more proactive in their jobs in a few areas including:

Topics: Cybersecurity threat intelligence CISO privacy GDPR

What’s on CISO's Minds in 2018?

I’ve just begun a research project on CISO priorities in 2018. What I’m finding so far is that CISOs are increasing their focus in several areas including the following:

  1. Business risk. Yes, CISOs have always been employed to protect critical business assets but in the past, this was really executed with a bottom-up perspective – from IT and security infrastructure up to business processes. Fast forward to 2018 and CISOs are moving to a top down view from business processes down to the technology. This broadens their view of risk and mandates that security controls work collectively to protect ALL the technologies used to accomplish business processes. This is a profound change that challenges even the best CISOs and security organizations.
Topics: Cybersecurity risk management data security CISO identity management security awareness training

Cybersecurity Job Fatigue

According to ESG research, 51% of organizations report having a problematic shortage of cybersecurity skills in 2018. This is up from 45% in 2017. 

Topics: cybersecurity skills shortage CISO ISSA cybersecurity career

Why Do CISOs Change Jobs So Frequently?

Happy 2018 everyone – let’s hope that this is a good year for cybersecurity professionals and global cyber safety. 

Of course, an organization’s cybersecurity success is often a function of the effectiveness of the CISO. A strong CISO can mean the difference between functional cybersecurity and constant chaos. 

Topics: Cybersecurity cybersecurity skills shortage CISO

CISO’s New Year’s Resolutions

Most people have a few New Year’s resolutions – lose some weight, exercise more, spend more time with the family, etc. Based upon ESG research and many discussions with cybersecurity professionals, here’s a list of New Year’s resolutions for enterprise CISOs:

  1. Lead the effort to make cybersecurity part of the organizational culture. ESG/ISSA research indicates that 24% of organizations claim that business managers still don’t understand or support the right level of cybersecurity. In 2018, CISOs must alter this cybersecurity ignorance and apathy. How? Make a concerted effort to gain the CEO's support. Establish regular communications with all line-of-business managers. Work to better quantify risk in ways that business managers can understand and act upon. Get involved with business process initiatives before software developers begin writing code. Push HR for more hands-on training. Walk the floor and meet employees on a regular basis. CISOs must push as hard as they can in 2018. Those that make a difference can have a personal impact on risk mitigation across the organization. Those that fail should be ready to seek other employment in 2019.
Topics: Cybersecurity CISO ISSA SOAPA

What Defines Job Satisfaction for Cybersecurity Professionals?

Everyone is busy writing their cybersecurity predictions for 2018 and while I haven’t published my list yet, here’s an easy call – the cybersecurity skills shortage will continue to be an existential threat in 2018. 

As a review, here are a few data points that lead me to this conclusion:

    • 45% of organizations claim to have a problematic shortage of cybersecurity skills in 2017. By the way, 46% of organizations claimed to have a problematic shortage of cybersecurity skills in 2016, so things are not improving.
Topics: Cybersecurity cybersecurity skills shortage CISO ISSA

Cybersecurity Professionals Aren’t Keeping Up with Training

I’ve written a lot about the cybersecurity skills shortage lately, based upon data from a new research report titled, The Life and Times of Cybersecurity Professionals, a collaborative effort done by ESG and the information systems security association (ISSA). The report indicates that:

  • 70% of cybersecurity professionals believe that their organizations have been impacted by the cybersecurity skills shortage.
Topics: Cybersecurity cybersecurity skills shortage CISO ISSA

What’s Holding Back Enterprise Security Technology Transformation?

Last week, I wrote a blog about the rapid cycle of innovation happening with security technologies today – I’ve never experienced a time when every element of the security stack is transforming.

New security technologies are arriving at an opportune time. According to ESG research, 69% have increased their cybersecurity budgets in 2017 and my guess is that they will continue to increase investment in 2018. And when asked which BUSINESS initiatives will drive the most IT spending, 39% of organizations responded, “increasing cybersecurity protection.” This means that business executives are buying into the need for cybersecurity improvements all around. 

Topics: Network Security Cybersecurity SIEM CISO cloud security ISSA

Time to Embrace a Security Management Plane in the Cloud

There’s an old saying that change is the enemy of security. To avoid disruptive changes, many cybersecurity professionals strive for tight control of their environment and this control extends to the management of security technologies. Experienced cybersecurity professionals often opt to install management servers and software on their networks so that management and staff “owns” their technologies and can control everything they can.

Now this type of control has long been thought of as a security best practice so many CISOs continue to eschew an alternative model: a cloud-based security management control plane. 

Topics: Cybersecurity SaaS SIEM CISO Security Management software-as-a-service (SaaS) SOAPA