Careers, Compliance, Leadership, Privacy

CISO vs. CIO, CISO & the C-Suite, & How the CISO Works With the CPO – BSW #233

This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insurance, and more!

Full episode and show notes


  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at

  • Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at


Matt Alderman
Executive Director at CyberRisk Alliance
  1. Who actually owns cyber security: CISO vs. CIO – CyberTalk - Both CISOs and CIOs commonly operate within the cyber security space. A recent survey indicates that 48% of security teams report to a CISO, while 25% report to the CIO. Although there was no measurable difference in terms of strategies deployed by CISOs vs. CIOs, defining who should take cyber security ownership is becoming increasingly important.
  2. The CISO and the C-Suite: How to Achieve Better Working Relations - The CISO is a relatively new arrival to the C-Suite. It’s also one that is still finding its place among more established leadership positions. As organizations continue to use a remote or hybrid workforce, the CISO’s role at the executive’s table will be needed. But to empower them to defend against cyberattacks, the working relationship between the CISO and other members of the C-suite needs to shift.
  3. How Should the CSO Work With the Chief Privacy Officer? - The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working.
  4. A Day in the Life of a Modern CISO - A Chief Information Security Officer (CISO) is the highest-ranking position in the company’s information security organization. One of the primary objectives of a CISO is to build a security posture that is compliant with the legal, regulatory, and contractual obligations of information security. CISOs are also capable of protecting the organization from emerging external and internal threats. A CISO achieves this objective through various organization-level controls and disciplines:
     1. Establish a Security Strategy
     2. Risk Assessment
     3. Security Governance
     4. Vulnerability Management
     5. Verifications (Audits, Penetration tests, red team exercises)
     6. Program Management
     7. Leadership
     8. People Management
  5. How to Say “No” After Saying “Yes” - Whether you have overbooked yourself, realized you have a conflict, or otherwise can’t or don’t want to participate in a project, it’s essential to uncommit gracefully. Doing so will keep your reputation intact and your relationships strong. The author offers six tips to help you go about saying no after you’ve already said yes with tact and professionalism:
     1. Consider the cost.
     2. Shift your perspective.
     3. Be diplomatic but truthful.
     4. Preserve the relationship.
     5. Offer an alternative.
     6. Learn from it.
  6. Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus? - In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security:
     1. Strengthen the Cybersecurity Fundamentals
     2. Cybersecurity Must Be a Boardroom Agenda
     3. Leverage Intelligent Automation and Other Advanced Technology
     4. Shift to a Zero Trust Architecture
     5. Focus on Securing Your Cloud Infrastructure
     6. Develop Robust Continuity Plans
  7. Decode different types of business interruption insurance - Most business continuity and disaster recovery (BCDR) administrators are aware that business interruption insurance is available to cover some or all downtime-related costs, including lost income. However, many aren't sure what a policy includes or excludes, or how it can be acquired:
     1. Add coverage to a property/casualty policy
     2. Consider what the plan covers
     3. Read the fine print
Ben Carr
CISO at Cradlepoint
Jason Albuquerque
Chief Operating Officer at Envision Technologies