The Evolution of the CISO

We are seeing that in quite a few organizations the Chief Information Security Officer (CISO) role is going through a period of transition. Leading organizations that didn’t have a CISO role are now actively scoping the responsibilities of this role. To date, the security budget often remains a fraction of total IT spend, and a…

Making Insurance Part of Your Enterprise Risk Management Program – Part Two

In this series, Grace Crickette provides C-Level executives a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy. Part Two: A Very Brief History of Insurance and Coffee Houses. Coffee houses or cafés have served as centers of social interaction for patrons…

RSA Conference 2016 – Real-world Metrics, Security Shark Tank and Other Important Highlights

RSA Conference 2016 was a great opportunity to connect with the expansive and expanding world of information security. Just like the threat landscape is continuously changing, so is the landscape of security technology and solution providers to help combat this growing risk. Initially, I was shocked by the volume of people attending the conference. However,…

RSA Conference 2016 Highlights – IT Security as a True Part of the Business

RSA provides great opportunities for the CISO to learn in a compressed and diverse way to help further the implementation and management of their IT Security Programs. My goal this year was to look for guidance that didn’t focus on the old view of aligning the IT Security Program with the business. Mostly this message had the IT Security Program engaging in technical security with a goal of not upsetting business leaders. I was looking for sessions that…

First Sharknados, Now Cyber Pathogens – What’s Next?

I guess it’s time to admit that I might be getting older. When will the adults of the world take back the media and create a Bull S*** rating system? We have a rating system for movies: “Rated PG: Parental guidance suggested – some material may not be suitable for children. Rated PG-13: Parents strongly cautioned…

An Assessment of the Framework for Improving Critical Infrastructure Cybersecurity – Part 5

In this five-part series CISO Brian Lozada examines the state of cybersecurity in our nation’s critical infrastructure, what is at risk, what makes it unique and what measures can be taken to bolster its safeguards. Review of the first four installments: In the first article in this series, I addressed the growing possibility of cyberwarfare. Many…

CISOs Offer Tips, Share Experiences for Navigating the RSA Conference Week

RSA Conference week can be overwhelming from a scheduling standpoint. Between conference sessions, vendor meetings and unlimited networking opportunities, a CISO’s time is in short supply and high demand. Below, seasoned CISOs share their personal best practices for managing time, maximizing value and making the most of the RSA Conference experience. For more in-depth insight, read…

A CISO’s Guide to RSA Conference 2016

Look, let’s be frank – the week of the RSA Conference is a scheduling nightmare. On easy days it takes effort to manage, and on difficult days it’s completely unwieldy. There are more sessions, activities, keynotes, networking events and ancillary get-togethers than you can possibly imagine, both in and around the actual conference. With the…

Better than Expected Results: Security Training for Developers in a Large Enterprise

In 2015, I was tasked with creating and delivering a security curriculum for “any takers” from within our 1200+ global innovation organization at Pitney Bowes. This was part of a continuous learning initiative that included 10 different key technologies for Pitney Bowes. Our approach was to utilize in-house experts to lead each technology topic, and…
