6 Types of CISO, Habits of Highly Effective CISOs, 10 Key Security Projects – BSW #189
In the Leadership and Communications section, 6 types of CISO and the companies they thrive in, What are the habits of highly effective CISOs, Cybersecurity is Not a Four-Letter Word, and more!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. 6 types of CISO and the companies they thrive in - There are six types of CISOs, depending on the type of organization they work in and their personality type, according to Forrester:
  1. Transformational: Often "energized" to dive into a three- to five-year transformational initiative, said Pollard. These individuals tend to enjoy turn-around projects and watching business outcomes unfold.
  2. Post-breach: Thrive in turbulence; they take on rebuilding a company's security organization while mitigation and PR crises play out in the background. These CISOs don't mind the possibility of becoming "the punching bag" for vendor presentations in the future, said Pollard.
  3. Compliance guru: Typically work in highly regulated industries and are fluent in regulatory bodies and acronyms: HIPAA, CCPA, FDA, etc.
  4. Tactical/operational: Action-oriented and can sift through technical complications.
  5. Steady state: One of Pollard's favorite types because they usually serve at companies that don't need immediate transformation. "Maybe the company is OK right now," he said.
  6. Customer-facing/evangelist: Unafraid, and rather enjoy being their company's spokesperson for cybersecurity. Tech companies often have this kind of CISO because they can appeal to customers with their charisma.
- 2. What are the habits of highly effective CISOs? - The most effective CISOs constantly initiate discussions on evolving cyber security norms to stay ahead of threats; prioritise keeping their organisation's decision-makers aware of current and future risks; proactively seek out emerging security technology; implement formal and actionable success plans; and define their organisation's risk appetite through collaboration with decision-makers.
- 3. Cybersecurity Is Not A Four-Letter Word - Why we don't talk about cyber security:
  1. We don't fully understand it
  2. We can't see it
  3. It's terrifying
- 4. 7 Strategies for Better Group Decision-Making - Based on behavioral and decision science research and years of application experience, we have identified seven simple strategies for more effective group decision making:
  1. Keep the group small when you need to make an important decision.
  2. Choose a heterogeneous group over a homogeneous one (most of the time).
  3. Appoint a strategic dissenter (or even two).
  4. Collect opinions independently.
  5. Provide a safe space to speak up.
  6. Don't over-rely on experts.
  7. Share collective responsibility.
- 5. Gartner: 10 key security projects through 2021 - If there is time and there are resources for more projects, here are Gartner's top security projects through 2021:
  1. Securing the remote workforce
  2. Risk-based vulnerability management
  3. Platform approach to detection and response
  4. Cloud security posture management
  5. Simplify cloud access controls
  6. DMARC
  7. Passwordless authentication
  8. Data classification and protection
  9. Workforce competencies assessment
  10. Security risk assessment automation
- 6. What security needs to know before diving into SaaS contracts - If employees don't engage with security red flags, the agreement fails to address the underlying issue: an application outside of a company's risk appetite.