Successful security leaders don’t quit in the face of obstacles. They go the extra mile for their security program and understand that cybersecurity isn’t just a technical problem. It’s a people and organizational problem. That makes it critical to align…
When the CISO doesn’t report at the right level of an organization, misalignment between security, IT, the business, and the larger public ecosystems it serves will surely result. Such misalignment often leads to dire consequences, increasing the chance of breaches…
Is your security organization struggling with skills shortages, budgets, conflicting priorities, a complex IT security environment, a lack of stakeholder buy-in and internal customer adoption, or all of the above?
Statistics collected from surveys described in the book “…
Could it be that a simple misunderstanding of what cybersecurity means is creating much of the disconnect between business and security leaders that often makes security programs ineffective? According to one security leader who’s worked as a Chief Information Security…
My book, Rational Cybersecurity for Business: The Security Leader’s Guide to Business Alignment, contains 50 Keys to Alignment that accentuate the guidance. I’m writing about these keys in a “50 keys” blog series. This page conveniently summarizes all the keys…
The COVID-19 pandemic is creating emergent risks and cybersecurity challenges. Chief Information Security Officers (CISOs) and other security organization leaders are on the firing line, finding themselves responsible for everything from remote access security to business continuity management (BCM) to…
Too often, information risk accountability isn’t at the right level due to poor alignment between security and business leaders. It’s time to transform the way we communicate risk to the business. When the security program struggles with an issue, bring…