How to CISO

Tag: ciso

  • (coming soon) How to CISO Volume 0: The CISO Job Description

    (coming soon) How to CISO Volume 0: The CISO Job Description

    by

    Andy Ellis
    in

    If a company could design a perfect CISO, they would be able to seamlessly move between multiple disciplines, filling a number of critical roles. While no individual is likely to actually fill all of these roles, it’s valuable to understand all of the possibilities, to assess the development needs of the incumbent against all of…

  • Preview: How to CISO Volume 2: Risk Measurement

    Preview: How to CISO Volume 2: Risk Measurement

    by

    Andy Ellis
    in

    As a CISO, you’re often going to be asked to measure risk. This has a lot of different meanings, depending on who is speaking, so you’re going to have to listen carefully to the speaker to understand what they’re actually asking for. It’s possible that you’re being asked to provide a quantitative answer to the…

  • The Death of the CIO

    The Death of the CIO

    by

    Andy Ellis
    in

    CISOs grew up in the CIO’s blindspot. As cloud and SaaS bring IT and security back together, which will survive their impending deathmatch? A half-century ago, most corporations were paper-native: Their business processes all executed on paper from both back office (accounting) to go-to-market functions (sales and marketing). Their businesses were location-native: Revenue was often…

  • How to CISO Volume 1: The First 91 Days

    How to CISO Volume 1: The First 91 Days

    by

    Andy Ellis
    in

    Ninety days is generally the grace period (or “honeymoon,” if you’d like) that a new executive has to get acclimated to a new environment. At the end of this time window, your employer is going to expect you to be executing on a plan, anyone you need to meet will expect you to have already…

  • We don’t need another infosec hero

    We don’t need another infosec hero

    by

    Andy Ellis
    in

    By setting yourself up as the defender, the solver of problems, you cast your business colleagues as hapless victims or, worse, threats. This is not a useful construct for engagement. There’s this belief among a lot of security professionals that we are special, in that we are the defenders of our companies.  We like to…

  • CISOs are still chiefs in name only

    CISOs are still chiefs in name only

    by

    Andy Ellis
    in

    If you’re not in the meeting where decisions are made, then you’re not part of the C-Suite—whatever your title may be. Look around the CISO community, and you’ll find signs of burnout everywhere.   Where CISOs aren’t just quitting, you’ll find increasing tension between them and their executives, sometimes resulting in surprising departures. Ply a friendly CISO with…