In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report executives can really use, Creating and rolling out an effective cyber security strategy, and more!
Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 and use the code 5U1CYBER! We hope to "see" you there!
96% of CISOs acknowledge that they face a well-organized criminal industry motivated by financial gain. Furthermore, 72% of CISOs say adversaries are moving faster than they are, and 69% say their adversaries have improved their attack capabilities in the last 12-18 months.
Although cyberthreat reports should communicate the threats, vulnerabilities, risks and mitigation initiatives, security leaders caution against going into too much detail. Threat reports should include:
- information about threats that could exploit vulnerabilities within the organization
- how the security team is mitigating vulnerabilities
- how it's defending against threats and any additional actions that will be taken.
- any news-making events or significant incidents that impacted others, even if they’re not relevant to the CISO’s own organization
- any trends or issues emerging on the horizon, to help avoid surprises down the road.
This article explores how a cyber security strategy that’s effective for office-based, remote and hybrid workforces can be rolled out throughout the organisation.
1. Communication and collaboration
2. Evaluate risks and utilise findings
3. Look beyond the first line of defence
4. Limit access to mission-critical infrastructure
5. Prioritise according to risk and value
6. Relieve strain using cutting edge technologies
The characteristics that leaders we interviewed considered most important in this new era align well with the six paradoxes of leadership described in Blair Sheppard’s recent book, Ten Years to Midnight.
1. Strategic Executor
2. Humble Hero
3. Tech-Savvy Humanist
4. Traditioned Innovator
5. High-Integrity Politician
6. Globally-Minded Localist
Writing a business email? Don’t hit ‘send’ until you’ve completed these key steps.
1. Use a clear and relevant subject line
2. Keep it short
3. Tell them why
4. Add a call to action
5. Be friendly and upbeat
6. Personalize it and make it relevant
7. Test out different subject lines and copy
8. Draft first, then add the recipient’s email
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems t...
Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into.
Fitzgerald, T. 2019. Chapter 14. CISO ...
In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more!