CISO Delegation to Receive Access to Some of the ‘Startup Nation’s’ Most Compelling Security Technology

CISOs Connect™, an organization dedicated to the professional development of its exclusive community of chief information security officers, is going global with an inaugural trip to Israel, the epicenter of so many exciting cybersecurity innovations.

Uri Dromi, a confidant of legendary Israeli Prime Ministers Yitzhak Rabin and Shimon Peres, will address the delegation of leading CISOs at a welcome dinner hosted by Noname Security that will kick off a week of unprecedented access to some of the most compelling technology in a country rightly dubbed the Startup Nation.

David Cass, the president of CISOs Connect and CISO at GSR, will lead the delegation which includes our CISO in residence Kevin McKenzie, our board member Endré Walls, and other CISOs such as:

Anthony Gonzalez, QBE CISO, North America
John Hoyt, Clemson University CISO
Joey Johnson, Premise Health CISO
Matt Lemon, Huawei CISO
Tomás Maldonado, NFL CISO
Brian Miller, Healthfirst CISO
Neda Pitt, Belk CISO
Anahi Santiago, ChristianaCare CISO

“As CISOs Connect seeks to expand its offerings to its community, giving our invitation-only membership access to exciting developments in cybersecurity is one of our paramount purposes,” said Aimee Rhodes, CEO, CISOs Connect. “Our aim is to provide our members with truly unique experiences and information, and with this inaugural trip to Israel, we will be introducing our delegation to a world of pioneering technology that can help to make their organizations safer and more secure.”

Top VC firms are also partnering with the delegation. YL Ventures will helm a roundtable discussion on the venture capital landscape and introduce the CISOs to its stealth companies. Greenfield Ventures will sponsor a sunset beach cocktail reception. SignalFire will host the delegation for a taste of Tel Aviv with a dinner.

OpenPolicy, a tech-enabled policy and advocacy company, will host the delegation for dinner in the Jerusalem mountains while Avalor, the data fabric for security that organizes security information and makes it actionable, will accompany the group on a food-tasting extravaganza of the Carmel Market.

Asset visibility and management have become crucial in a world of ever-increasing connectivity, and the delegation will visit the offices of Claroty, whose technology offers a holistic approach to industrial cybersecurity, and Armis, which became Israel’s biggest cybersecurity acquisition in 2020. Relationship-building on a personal level will continue at dinners they host.

The visit has been timed to coincide with Cyber Week Israel, CISOs Connect’s partner and one of the most important events on the global cybersecurity calendar. Delegation members will also speak at the conference. CISOs Connect also will hold at Cyber Week its signature Security Shark Tank with some of the trailblazers on Israel’s cyber scene: Cyber Convoy, Zero Networks, Onyxia, Rescana, Seal Security and Bright Security.

A gala dinner will cap a week of lifelong memories that cannot be reproduced in a corporate setting.

Because Israel itself is such a fascinating destination, the delegation will also be touring some of the sites that make the country a must-see: Jerusalem, with Cyber Convoy joining the delegation for a tour of the magical cradle of the three monotheistic religions; Masada, with Kiteworks joining the delegation for a visit to the dramatic mountain plateau where the final battle between the Romans and the Jews ended with a shocking discovery; and the Dead Sea, the legendary salt lake situated at the lowest point in the world. And last but not least, the delegation will be taking on Tel Aviv, Israel’s commercial and cultural hub, the center of its tech scene, and a world-renowned destination for both fine dining and street food.

Joining the delegation will be our partners Qnary, an executive reputation management and talent branding solutions company; attorney Daniel Garrie, the co-founder of Law & Forensics and a member of the board of the Legal Cyber Academy; and executive compensation expert, attorney Loretta Richard.

About CISOs Connect™:

Professional development and networking are crucial elements of a CISO’s career arc. CISOs Connect, an exclusive, invitation-only community of chief information security officers, was founded to address those needs.

Membership in CISOs Connect offers an array of benefits that can’t be found elsewhere. Our peer-driven original research, analysis and professional commentary offer exceptional value-added content. In-person events and online sessions offer a marketplace of ideas.

Our partnerships with leading social media experts and executive recruiters give you an opportunity to build your company’s brand, your brand and promote your career. We have an executive compensation expert on our board as an adviser. Members are encouraged to position themselves as thought leaders by blogging on our CISOs Connect and Security Current sites, and our Spotlights profile top industry executives.

CISOs Connect C100 Award is a leading industry recognition paying tribute to 100 pre-eminent security leaders across the U.S. and Canada. And as technological tools proliferate, we help members try to winnow out the best of the best with our CISO Choice Awards, which recognizes key leaders in technology and business categories.

As an organization that gives back, CISOs Connect places great importance on mentoring and sharing expertise with rising cybersecurity professionals, in the interest of further securing and protecting organizations in the U.S. and worldwide.

The post CISOs Connect™ Goes Global with an Inaugural Trip to Cyber Week Israel appeared first on Security Current.

CISO Board of Judges Pays Tribute to Their US and Canadian Peers Who Protect Our Organizations and Give Back

CISOs Connect™, an exclusive CISO membership-only community of Security Current®, today opened nominations for its 2023 CISOs Top 100 CISOs (C100) awards and announced the Esteemed CISO Board of Judges that will select the recipients of this leading industry recognition, honoring the pre-eminent security leaders across the United States and Canada.

The C100 pays tribute to the achievements of an exceptional group of battle-tested Chief Information Security Officers who see paramount value in sharing the benefit of their experience with others in the industry, in the interest of safeguarding organizations in the US and worldwide.

What sets this award apart from other forms of industry recognition is the transparency of the process, with defined criteria for eligibility and a declared board of judges that will choose the winners. Nominations can be self-submitted or put forward by a third party. There is no fee. The submission deadline is April 17, 2023.

Key benchmarks for consideration include:

• CISO or equivalent at an end-user enterprise or organization for at least five years
• Involvement and leadership roles in professional organizations
• Security-related volunteering and activism
• Mentoring, educating and training future cybersecurity professionals across functions

Nominate here: https://www.research.net/r/C1002023Application

“At a time when the role of the CISO is becoming more visible and more valued, it is especially important for industry professionals to recognize the best among us who toil tirelessly to protect our institutions and pass on a legacy of giving back to the community,” said Endré Jarraux Walls, EVP Chief Operations & Technology Officer of Customers Bank. “The C100 awards bestow an esteem that is untainted by financial considerations or personal bias, making it an infinitely more significant and sought-after honor. Kudos to CISOs Connect for making this happen.”

The following industry leaders are serving on the Distinguished CISO Board:

Blue Cross Blue Shield Association VP & CISO Chris Lugo
Carnival Corporation Global CIO Devon Bryan
ChristianaCare CISO Anahi Santiago
CLEAR EVP & CISO Rick Patterson
CN CISO Vaughn Hazen
Customers Bank EVP Chief Operations & Technology Officer Endré Jarraux Walls
Driven Brands VP & CISO Kevin Morrison
First Quality Enterprises CISO Ariel Litvin
Marsh Global CISO Dan Bowden
McKesson SVP & Global CISO Michael McNeil
Otis Elevator VP & CISO Mario Memmo
Prologis VP, IT Governance & CISO Sue Lapierre

“It is an honor to serve on the Esteemed Board of Judges that will select this group of standout professionals,” said Sue Lapierre, VP, IT Governance and CISO of Prologis. “As longstanding security practitioners, we board members appreciate the formidable tasks CISOs face every day, and the relentless pressures they have to deal with. Those who summon even more dedication by sharing their expertise with others deserve special commendation for boosting the industry as a whole. That is the purpose of these awards: to celebrate the elite among us, so they may serve as examples to others.”

As a fundamental part of their mission to support and recognize the CISOs unceasing efforts to safeguard their enterprises and organizations globally, CISOs Connect™ partnered with the following organizations to make the C100 possible:

Black Kite
Forte Group
Mayfield Investments
Morgan Franklin Consulting
Uptycs

“The C100 Awards are an unparalleled opportunity for a select slate of CISOs to choose an elite group of colleagues for recognition,” said Paul Paget, CEO of Black Kite. “Awardees distinguish themselves not only by their professional prowess, but also by their commitment to giving back to their community.

“What makes these awards even more special is the unique transparency of the selection process and lack of commercial considerations. I am honored to have an opportunity to partner with CISOs Connect to bestow these well-deserved accolades to the C100 recipients.”

Nominate here: https://www.research.net/r/C1002023Application

Read the Press Release here: https://prn.to/3Iu5Q9u

About CISOs Connect

CISOs Connect™ is an exclusive membership-only interactive community of trusted cyber peers and subject matter experts. Connected by common interests, this community allows cyber experts to share knowledge and expertise through proprietary content, research, and analysis while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.

CISOs Connect™ is part of Security Current™, known for its Security Shark Tank® and is lauded for its CISO driven content, knowledge sharing, and community. It is purpose-built and led by the top CISOs in North America.

The post CISOs Connect™ Opens Nominations for its 2023 CISOs Top 100 CISOs (C100) Recognition and Announces Esteemed CISO Board of Judges appeared first on Security Current.

The winners of the C100 Award are listed in alphabetical order by first name.

Companies and job titles listed are based on the time the winner was selected.

All awardees are CISOs or CISO equivalents.

Kevin McKenzie, Dollar Tree Inc. Enterprise Chief Information Security Officer and Vice-President of Information Technology

Patricia Titus, Markel Corporation CISO & Chief Privacy Officer

Dr. Adrian M. Mayers, Premera Blue Cross Vice President & Chief Information Security Officer

Aman Raheja, Humana Chief Information Security Officer & Head of IT Operations

Ana Roldan, Nova Southeastern University Executive Director & Chief Technology Officer

Ann Delenela, Entergy Vice President & Chief Information Security Officer

Annessa McKenzie, ConocoPhillips Chief Information Security Officer

Dr. Arun DeSouza, Nexteer Automotive Corporation Chief Information Security & Privacy Officer

Ben Sapiro, Canada Life Head of Technology Risk & Chief Information Security Officer

Benjamin Corll, Coats Group Vice President of Cybersecurity

Brad Maiorino, Raytheon Technologies Chief Information Security Officer

Bradley Schaufenbuel, Paychex Vice President and Chief Information Security Officer

Brandon Champion, GE Power Conversion Chief Information Security Officer

Bret Arsenault, Microsoft Corp. Chief Information Security Officer

Brett Conlon, American Century Investments Chief Information Security Officer

Brett Wahlin, Activision Blizzard Senior Vice President & Chief Information Security Officer

Brian Miller, Healthfirst Chief Information Security Officer

Chandra McMahon, CVS Health Senior Vice President & Chief Information Security Officer

Chris McLaughlin, Johns Manville Chief Information Security Officer

Christopher Porter, Fannie Mae Senior Vice President & Chief Information Security Officer

Colin Anderson, Ceridian Senior Vice President & Chief Information Security Officer

Craig Froelich, Bank of America Chief Information Security Officer

Dr. Cris V. Ewell, NRC Health Chief Security and Privacy Officer

Dan Bowden, Marsh Global Chief Information Security Officer

Dr. Darren Death, ASRC Federal Vice President of Information Security & Chief Information Security Officer

Dave Estlick, Chipotle Mexican Grill Vice President and Chief Information Security Officer

David Hahn, CDK Global Chief Information Security Officer

David Levine, Ricoh USA Inc. Vice President of Corporate and Information Security and CSO

David Ortiz, Church & Dwight Global Chief Information Security Officer

David Shaw, UCLA Information Technology Services Chief Information Security Officer

David Sheidlower, Turner Construction Company Vice President and Chief Information Security and Privacy Officer

David Sherry, Princeton University Chief Information Security Officer

Deneen DeFiore, United Airlines Vice President & Chief Information Security Officer

Devon Bryan, Carnival Corporation Global Chief Information Security Officer

Donna Ross, Radian Group Inc. Executive Vice President, Chief Information Security Officer

Endré Jarraux Walls, Customers Bank EVP & Chief Information Security Officer

Eric Hussey, Aptiv Vice President & Global Chief Information Security Officer 

Erik Decker, Intermountain Healthcare Assistant Vice President – Chief Information Security Officer

Erik Hart, Cushman & Wakefield Chief Information Security Officer

Frank Aiello, MAXIMUS Senior Vice President, Chief Information Security Officer

Dr. Fred Kwong, DeVry University Vice President & Chief Information Security Officer

Dr. Garrett Smiley, Serco Chief Information Security Officer / Vice President of Information Security

Gary Harbison, Bayer SVP, Global Chief Information Security Officer

Greg Bee, Pekin Insurance VP – Chief Risk Officer & Chief Information Security Officer

Holly Ridgeway, Citizens Financial Group, Inc EVP Chief Security Officer

Hussein Syed, RWJBarnabas Health Vice President & Chief Information Security Officer

Jairo Orea, Royal Caribbean Group Global Chief Information Security Officer

James Baird, Focus Brands Chief Information Security Officer

Jason Witty, United Services Automobile Association (USAA) Chief Security Officer

Jasper Ossentjuk, NielsenIQ Senior Vice President & Global Chief Information Security Officer 

Jeffrey W. Brown, State of Connecticut Chief Information Security Officer 

Jim Cameli, Walgreens Boots Alliance Global Chief Information Security Officer & Corporate VP

Jim Goddard, Hellman & Friedman Senior Operating Executive & Chief Security Officer

Joey Johnson, Premise Health Chief Information Security Officer

John Virden, Miami University Chief Information Security Officer & Assistant Vice President of Security, Compliance and Risk Management

Dr. Jorge Llano, New York City Housing Authority Chief Security Officer

Joseph Dyer, ICF International Vice President & Chief Information Security Officer

Justin Metallo, Volkswagen Financial Services Chief Information Security Officer

Keith Wilson, W. R. Berkley Corporation Global Chief Information Security Officer

Ken Athanasiou, VF Corporation Vice President & Chief Information Security Officer

Kevin Morrison, Driven Brands Vice President & Chief Information Security Officer

Kimberly Trapani, American Tire Distributors SVP & Chief Security Officer / Chief Digital Security Officer

Kostas Georgakopoulos, Mondelēz International Inc. Vice President & Global Chief Technology and Information Security Officer

Laura Deaner, Northwestern Mutual Chief Information Security Officer

Leon Ravenna, KAR Global Chief Information Security Officer & Chief Information Officer

Lester Godsey, Maricopa County Chief Information Security Officer 

Marcos Marrero, H.I.G. Capital Chief Information Security Officer

Mark Eggleston, CSC Chief Information Security Officer

Dr. Mark Leary, Regeneron Pharmaceuticals, Inc. Global Chief Information Security Officer

Marnie Wilking, Wayfair Global Head of Security and IT Risk Management

Michael Hanson, Solidigm Chief Information Security Officer

Michael McNeil, McKesson Senior Vice President, Global Chief Information Security Officer

Michael Palmer, Hearst Chief Information Security Officer

Montae Brockett, DC Department of Human Services (DHS) Chief Information Security Officer

Nabeel Yousif, Flexiti VP Information Security & DevSecOps Engineering & Chief Information Security Officer

Nazrin Rezai, Verizon Senior Vice President & Chief Information Security Officer

Peeyush Patel, Careem (Uber Company) Chief Information Security Officer

Phil Venables, Google Cloud Chief Information Security Officer & Google Vice President

Rafi Khan, NJ TRANSIT Chief Information Security Officer

Randall Frietzsche, Denver Health Enterprise Chief Information Security Officer 

Raymond Umerley, Pitney Bowes Vice President, Chief Information Risk Officer

Dr. Robert K Pittman Jr, San Bernardino County – Innovation and Technology Department Chief Information Security Officer

Roland Cloutier, TikTok Global Chief Security Officer 

Ron Green, Mastercard Executive Vice President & Chief Security Officer

Sam Masiello, The Anschutz Corporation Chief Information Security Officer

Scott vonFischer, LyondellBasell Senior Director of Global Cybersecurity

Shaun Khalfan, Discover Financial Services SVP, Chief Information Security Officer

Shaun Marion, Mc Donald’s Vice President & Chief Information Security Officer

Sherron Burgess, BCD Travel Senior Vice President & Chief Information Security Officer

Sheryl Hanchar, Cobham Advanced Electronic Solutions Vice President & Chief Information Security Officer

Stephen Davis, Revlon Inc. CVP & Chief Information Security Officer

Sue Williams Lapierre, Prologis Vice President, IT Governance, Information Security Officer

Supro Ghose, EagleBank Senior Vice President & Chief Information Security Officer 

Tammy Klotz, Covanta Chief Information Security Officer

Tim Callahan, Aflac Senior Vice President, Global Security; Chief Security Officer

Tim McKnight, SAP EVP & Chief Security Officer 

Dr. Tolgay Kizilelma, Sutter Health Information Security Officer

Dr. Trebor Z. Evans, Dollar Bank, FSB Senior Vice President & Chief Information Security Officer 

Vaughn Hazen, CN Rail Chief Information Security Officer

William Scadrett, Allina Health Vice President & Chief Information Security Officer

Dr. Yonesy Núñez, Jack Henry & Associates (Jack Henry) Chief Information Security Officer

Zaki Abbas, Brookfield Asset Management Senior Vice President & Chief Information Security Officer

The post Congratulations to the 2022 C100 Winners appeared first on Security Current.

Education of potential victims remains the most effective defense against social engineering, the European Union’s law enforcement agency Europol says, and cybersecurity executives must strengthen industry-wide cooperation as well as with governments and the rest of the private sector.

Other sources of threats among cyber-dependent crimes are ransomware and Distributed Denial of Service Attacks, according to the Internet Organized Crime Threat Assessment produced by the European Union Agency for Law Enforcement Cooperation.

“Illegal acquisition of data following data breaches is a prominent threat,” said Catherine de Bolle, Europol executive director. “Criminals often use the obtained data to facilitate further criminal activity.”

According to the IOCTA, which drew from law enforcement statistics of EU member-nations, personal data – which can be used for account hijacking or identity theft and subsequent bank fraud – is most commonly compromised, followed by payment and medical data.

Europol defines cyber-dependent crimes as those that can only be committed using computers, computer networks or other forms of information communication technology. These include the creation and spread of malware, hacking to steal sensitive personal or industry data and denial of service attacks to cause financial and/or reputational damage.

“Social engineering threats were overwhelmingly prominent in reporting from our contributors in the financial sector,” Europol said. Phishing remains as the prime example of social engineering, which continues to grow in significance as criminals use it to “obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince the victim to proceed with any other activity against their self-interest, such as transferring money or sharing personal data.”

Spam and phishing are most commonly used to obtain an initial foothold on a victim’s device.

The Anti-Phishing Working Group has noted an increase in the use of HTTPS encryption protocol by phishing sites, from 5% of sites in 2016 to nearly one third of sites in 2017.

Europol makes a distinction between a site’s SSL certification and legitimacy or safety. The familiar green padlock (or word ‘Secure’ in the case of Google Chrome), means only that a valid SSL certificate has been obtained for the site and not that the website is either legitimate or even safe. “Attackers exploit the potential confusion this creates to legitimize their phishing sites in the eyes of prospective victims,” the report said.

Aside from business email compromise, advance fee fraud and romance scams still feature prominently in law enforcement reporting. “They often use multiple platforms and still result in significant financial and emotional damage to their victims,” said Europol.

Sixty-five percent of member states confirmed cases of CEO fraud, which occurs when high-ranking individuals in an organization are impersonated.

Other threats

The Europol report said that over one third of organizations faced DDoS attacks in 2017 compared to just 17% in 2016. DDoS attacks are used as a tool against private business and the public sector for financial, ideological, political or purely malicious reasons.

“It is becoming more accessible, low-cost and low-risk,” according to the report.

Other industry reports suggest that DDoS attacks account for approximately 70% of all incidents compromising network integrity.

Several states highlight the availability of booter and stresser services as a major contributing factor to the increasing number of cases and the ease by which an unskilled individual can launch a significant DDoS attacks; a simple online search reveals a considerable number of such services openly advertised for their DDoS capability.

Meanwhile, some estimates place the global loss to ransomware in excess of US$5 million last year. The report also said ransomware will become less random and more targeted as criminals become
more adept and the tools more sophisticated yet easier to obtain. “Fewer attacks [will be] directed toward citizens and more toward small businesses and larger targets where greater potential profits lie,” according to Europol.

The report recalled the WannaCry and NotPetya attacks of 2017 which affected some 350,000 victims in over 150 countries.

“Within the EU, the attacks affected a wide range of key industries and critical infrastructures including health services, telecommunications, transport and manufacturing industries. Later in the year, the Bad Rabbit ransomware hit over 200 victims in Russia and Eastern Europe, again affecting critical infrastructures such as healthcare, transport and financial sectors.”

Cryptomining attacks are more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention.

Affected organizations

In its report the Europol said external malicious actors carried out 73% of breaches, but 28% also involved internal actors. Organized crime groups carried out 50% of breaches, whereas industry reporting attributes 12% of the breaches to state-sponsored actors. Cutting across these actor attributions, industry reporting indicates that 76% of all attacks are financially motivated

“Healthcare organizations are now the most targeted sector, accounting for 24% of breaches, taking over from financial organizations which were top victims in 2016. Accommodation and food services and public sector organizations also account for a significant proportion of victims; 58% of victims can be categorized as small businesses.”

The post Social engineering, ransomware and DDoS top threats to cyber executives in Europe appeared first on Security Current.

CISOs have to watch out for higher security risks in 2019 amid increasing connectivity and greater demand for telecommunication services, The Economist Intelligence Unit said.

In a special report called Telecoms in 2019 released last week, the EIU said the rollout of fifth-generation (5G) technology – intended to support the development of a sharing economy, autonomous technology, artificial intelligence, big data and expanding IoT – will be the vector for the new risks. 

“This brings into sharp focus the trade-offs involved in advanced connectivity,” said the EIU.

5G technology will start rolling out in several markets next year, according to the EIU which covered 60 countries in its study. “In the UK, [mobile network operator and ISP] EE aims to roll out a 5G network by October 2019, well in advance of plans outlined by most European rivals. In the US, Sprint is preparing for 5G rollout in nine states in the first half of 2019, while its competitor, T-Mobile, is also looking at an initial rollout next year.”

Meanwhile, device manufacturers will be ready to deploy 5G-ready smartphones, with Motorola and LG scheduling launches for 2019.

The higher risk comes from businesses using more agile and sophisticated technology to make operations more efficient or to open up new revenue streams.

But it’s not just businesses consuming telecom services in greater ways.

“Consumers are turning to smartphones, tablets and wearables in ever greater numbers, stoking demand for data and forcing operators and technology companies to accommodate increasingly digitally-driven lifestyles,” the EIU said.

According to the EIU, demand for internet services is already high globally and will increase further in 2019. Mobile subscriber numbers will increase from 6.4 billion this year to 6.6 billion in 2019.

In an earlier report on technological readiness, the EIU said that nearly half of the global population had access to the internet in 2017; by 2022, the number is seen to rise to three-quarters. “With broadband penetration already high in the West, most of this growth will come from Latin America and the Middle East, both of which are attracting significant amounts of broadband investment from the private sector.”

Meanwhile, in the Telecoms report, the EIU said: “Many developing nations continue to push for greater internet coverage, especially among rural populations, while networks in mature markets focus on providing greater speed.”

Major data breaches observed this year highlight the need for both governments and the private sector to respond effectively, even as regulations are too far behind the speed of technological advances.

“In the US, the National Defense Authorization Act will include efforts to improve cybersecurity in both the military and civilian life. In the EU, member states will be putting into action the requirements of the 2016 Directive on Security of Network and Information Systems, which includes the establishment of a regional cybersecurity agency,” according to the study.

“A large cyber-attack, particularly against the financial system, health systems or crucial energy assets, could pose a significant geopolitical risk,” the EIU said.

“An attack on a company could cripple supply chains at all levels of society, from transport to food distribution.”

The post Increased connectivity to pose higher cyber risks in 2019 appeared first on Security Current.

The post Darren Death on security hygiene, compliance, and tech-related business conversations appeared first on Security Current.

I was part of a conversation recently where someone stated that they were tired of all this cyber $%^t. It wasn’t the first time I heard such a sentiment expressed. It’s quite common to hear complaints about the importance placed on cybersecurity today.

Unfortunately, those views ignore the rapid changes occurring in our society which are being supported through the adoption of digital technologies. The reality is that most critical/ sensitive information held by organizations is digital. The sad fact is that information has never been so readily accessible by criminals while being so incredibly unprotected. 

There was a time when the things you really cared about were not on the network. Then, it was easier to argue that you did not need cyber protection.

But recent developments have highlighted the need for change related to organizations’ cyber practices. We have seen many large and small breaches in the public and private sector lately. These breaches are a symptom of under-planning /under-costing of the actual scope of a system.

IT Modernization and Cybersecurity

IT modernization and cybersecurity are absolutely tied together. Do not make the mistake of taking on technical debt during this crucial stage in your organization’s development. Modernize your expensive legacy infrastructures while ensuring resilience and security for your organization.

The reality is that an information system costs more in many cases than those who want the system are willing to accept. The cost of properly securing a system is the cost of building a system in our modern era.

As a leader, when you defer important decisions related to your program or information system, you incur technical debt in your environment. Saving money now through inaction or poor decision-making will result in increased costs with interest in the future – when the results of those poor decisions or inaction become a reality.

Cyber Requirements Do Not Exist.

What? Cyber requirements are simply functional requirements that need to be integrated into information systems, tested for effectiveness, and managed throughout the systems life cycle.

As a result, funds must be planned and secured to build your information systems. Since the security of your system is a foundational /functional requirement, the cost of cyber should be built into the system.

When cyber is not accounted for in the planning of an information system, then you have not fully planned for the system.

The reality is that most of the cyber activities you are dealing with are foundational ones, and not the “gold-plated” add-ons that your information security professionals would like to implement.

If you have authority in your organization (Director+, GS15+, etc.) the concepts of cyber are there to protect you and your organization. Use cybersecurity as a tool to improve your organization and ensure that it has resilience.

We Are All in This Together

National security is a shared responsibility. Most of us look at this as something that “they” in government do to protect “us” the citizens.

While that statement is certainly true, we must shift our mindset to see national security as something where we are all doing our part to support the mission of keeping our country strong and reducing the number of weak links in the chain.

We all must insist on secure coding practices, well-patched systems, strong security baselines and so on.

Remember: We have very real and present problems, from the home PC to the largest public or private information systems. The focus on cyber is a response to the incredible and rapid changes that are going on around us every day.

The post The costs of deferring important cyber decisions appeared first on Security Current.

Missed vulnerabilities, insecure processes and malicious insiders may all lead to undesirable outcomes, since you may not have 100% control of these events. Even a direct report may have made an error. But while you may not have control of events, you can choose 100% control of your responses to them, which can lead to better outcomes.

What if you could improve that little something inside of you that makes the difference in your next up-level position? What if you could secure that edge, one that allows you to look through a clear window versus a foggy one.

It is no longer a secret that IQ, education, or experience does not guarantee personal or professional success. For example, there used to be no rhyme or reason as to why some brilliantly educated individuals struggle with negotiating their compensation package, leading a team, or securing that dotted line to their CFO, while others with fewer certifications flourish. Now with a raised awareness, we know that improving our EQ can help us achieve greatness in many areas of life.

Researchers at Cornell University and other institutions have studied ways to measure that edge among more than 500,000 individuals during the last 30 years. They found that little something that allows people to clearly identify their emotions of happiness, sadness, anger, shame, and fear. Until we are able to clearly identify our emotions, we cannot effectively manage them. Nor can we become fully aware of others’ emotions and learn to better manage them as well. This heightened awareness leads to less frustration and a much deeper fullfilment not only in our professional, lives but also our personal ones.

This missing link is the biggest predictor of personal and professional success. It is not always easy to acknowledge EQ’s importance. Many of us are on auto pilot on a daily basis. Our bodies may be present in the peer group meeting, but our minds may wander elsewhere. We go through the motions of mitigating risks on the latest threat while not using mindfulness to elevate our awareness. Sometimes we do not want to take a closer look inwardly, as it may be easier to look outwardly to others hoping they accept the blame. We could say, “Oh well, it is what it is.” Or we could choose to say, “It is what I choose to accept.” Which statement feels more empowering to you?

Unlike IQ and the many certifications in the cybersecurity world, your EQ may be easily improved through a few basic steps and thought patterns.

You can improve your emotional quotient by improving your ability to reduce negative emotions so that these do not affect your mood or judgment. Acknowledge that there are different ways to view a situation and that you have several choices of perceiving it also helps improve EQ.

Finally, when facing adversity, take a step back and ask: What is the lesson in all this? We cannot always control what happens, but we can control how we react to the situation.

Small changes can yield big results. Taking the first step to improve your self-awareness and that of your team will be worthwhile. The benefits will continue to flow and your fulfillment at work and home will grow exponentially.

Victoria Huff is the Founder of TheHappyExecutive.com, an Executive Coach and member of the Forbes Coaches Council. She will lead a group discussion on EQ and leadership on CISOs Connect. It will run from September 1 to September 14.

Schedule your CISO Connect Consult ($125 value) by clicking on this link. https://my.timetrade.com/book/7G5SL

The post EQ: The Big Picture from the CISO’s Window appeared first on Security Current.