Tag: Strategies
Some of you may remember a time when national security was a question of police officers protecting individuals from crime on the street, or the Army’s defence against international threats. Today, that picture looks very different. If anything, it is more volatile, uncertain and complex than it was in the past because it is now…
Read MoreLike many of my peers, I marvel at the amazing ways the cloud has changed our lives and how we work. At the same time, I’ve lost untold hours of sleep worrying about the security risks this transformation creates. As a CISO, I spend a big chunk of every day planning for, evaluating, and…
Read MoreHi. I’m Mike Convertino, CISO of F5 Networks, and I want to welcome you to an experiment we’re conducting here at F5. We’ve laid the foundation of this CISO to CISO portal on an idea that has traditionally been somewhat controversial in the security community: openness. As you may or may not know, I spent…
Read MoreAutomation Risks There are a number of container and automation frameworks out there that seek to make scale as effortless as the click of a mouse. Some of them are rising quickly due to the excitement over containers, like Mesos and Kubernetes. Others have been around for a while—think Puppet, Chef, VMware, Cisco, and OpenStack.…
Read MoreWhen someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom. Just watch one episode of The Big Bang Theory and you’ll recognize the classic nerd character types. Those who behave in that manner tend to get marginalized by executives. We’ve all probably seen…
Read MoreAn important part of an information security professional’s job is communicating risk. Clear, concise communication that leadership can understand and act upon is the heart of a risk management system. The challenge is that many IT risk scenarios appear abstract, vague, or irrelevant to colleagues working outside of InfoSec. Consider a common interaction that might…
Read MoreCISOs have a lot on their plates. In addition to overseeing security operations and projects, they also lead and advise their organizations regarding risk. In short, a CISO must grapple with numerous obligations of varying size and complexity. The obvious obligations, such as compliance with regulations and laws, can take up a significant part of…
Read MoreThe CISO can use these techniques to adjust the appropriate subsystems to move and maintain interactions to the desired level. Let’s unpack an example of doing this. Here’s a common security problem: applications and data are spread around everywhere—on the local networks, on laptops at home, on personal machines, on mobile devices, and in…
Read MoreRecapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound! Source link lol
Read MoreBeyond the overall status of the program, you need be able explain cyber risk in terms that executives can understand. Keep it simple and remember this important nuance: many people don’t realize that risk has two components: likelihood and impact. For example, some people tend to react to catastrophic impacts (what are we doing…
Read More