In the leadership and communications section, 6 board of directors security concerns every CISO should be prepared to address, Four ways to improve the relationship between security and IT, CISO playbook: 3 steps to breaking in a new boss, and more!
The COVID pandemic and the spike in cybercriminal activity have raised interest in security among corporate boards. These are the concerns and questions CISOs say they are now hearing from them:
1. Cyber accountability
2. Security status during COVID-19 and beyond
3. Security strategy
4. Benchmarking against industry best practices
5. Resilience to cyberattacks
6. Continuous compliance
Corporate security and IT departments and the people who lead them often have complicated relationships. But does it really have to be that way? Here are four suggestions to improve the relationship:
1. Change the culture of division
2. Early communication and collaboration
3. Don’t sweat org charts
4. Embrace the CISO-as-risk-management-leader model
As CISOs know all too well, change is inevitable—and that includes organizational regime change. Here, security leaders share their best advice for starting new C-suite relationships off on the right foot.
1. Establish your base
2. Strengthen your position
3. Set a new course
High performers in any organization aren’t easy to manage. With their uncanny ability to produce outstanding work and an appetite to solve tough problems, they demand even greater attention and engagement from their managers. Here are 7 proactive steps to manage high performers:
1. Scratch below the surface
2. Connect the dots to learning and growth
3. Let them steer their own ship
4. Seek psychological investment
5. Extend visibility beyond team boundaries
6. Don’t make them your fallback option
7. Establish healthy work boundaries
Colin Fisher, associate professor at University College London’s School of Management, conducted in-depth studies at several companies to determine how managers can effectively help employees who need assistance without demoralizing them. He found that the most effective helpers were the ones who clearly communicated their intentions, timed their interventions at points when people were most receptive, and figured out a rhythm of involvement that best suited their needs.
The list of needed security skills is long and growing. Here are the 10 areas where skills are most in demand for the year ahead:
1. Risk identification and management
2. Technical fundamentals
3. Data management and analysis
7. Threat hunting
8. Interpersonal skills
9. Business acumen
This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into specializations for areas like cloud security and bug bount...
Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security.