Effectively communicating about cybersecurity is an increasing and layered challenge for CISOs, security leaders, communications professionals, business executives and boards.
CISOs are mission driven, focused on securing and defending. Anything that is not directly related to securing or defending may get deprioritized. So, serving up actionable, impactful and behavior-changing communications doesn’t always take top billing for security leaders as they simply don’t have the time.
What if there was a way to deliver more effective messages to the diverse stakeholders of security — executives, board directors, clients, partners — where we could also measure effectiveness, improve engagement and leverage the skillset and training cybersecurity practitioners already have? …
There are a few different flavors of “Chief of Staff” that have a clear value proposition and yet manifest differently. They may already exist in your organization and are cloaked under different titles such as: program manager, Chief of Staff, COO, Deputy, CAO.
The below list of different ‘flavors’ of CoS is based on my first hand experience and research (yes, research) into this evolving role:
1. GSD (Get Sh*t Done) — This person is the best friggin’ executor in the universe (and yet people still like them when it’s done)
2. Front Man — They can deal with all the people and they like it and god bless them. …
It’s January and you’re thinking about your personal “brand.”
But uh, what’s that even mean?
Especially in 2021…
Heading into the new school year, I was thinking about the experience my children will have as they start a new school. Naturally that made me think about the new ‘cycle’ of work we’re headed into as we finalize 2021 plans and settle in to working from anywhere (and with everyone and also no one).
I got to thinking about the companies that I’ve been exposed to and wondered:
How much of a company’s culture was born through the “in person” office connection?
And perhaps even more practically:
Are organizations and teams adapting quickly enough?
There are little things that companies and teams are starting to do to bring their “together” connections into the “distanced” work environment. Two increasingly effective ones that leverage technology that emerged in the “covid techsplosion”…
No two CISO jobs are the same. This guide is designed to scale for security leadership from the enterprise down to the startup.
People cling to this notion of “first 90 days” in a new job. Sometimes it’s “first 100 days.” In some cases, it’s just referred to as “onboarding.”
Countless articles, opinions, books, and lists have been written about what to do in your “First [#] Days” at your new job. I have read many of them. Too many of them.
So, I’ll be the first to point the finger at myself and groan for writing another. But that’s exactly what I did. And I did it as a mindmap. Because that’s how my overloaded brain consumes best. There’s a good chance that I’ve covered some items that you’ve read in other guides. And I’d be concerned if I didn’t repeat a thing or three. This onboarding guide was written for the CISO. …
In the middle of the Coronavirus pandemic, there is a desperate shortage of platelets and also plasma for the blood banks and hospitals. Below are specific recommendations for potential donors to prepare for and to donate blood Covid-Safely.
This list was adapted from advice and guidance provided by The World Health Organization (WHO), Center for Disease Control (CDC), The American Red Cross, and first hand experience donating platelets in March 2020.
The one constant across Chief Information Security Officers (CISOs) is that each of them has different expectations to live up to in their roles. While the role of CISO is still relatively new, companies haven’t yet embraced a consistent set of expectations for CISOs to deliver. Adding to the confusion, each CISO has different training and professional experiences that got them to their role. So, it’s easy to understand how these discrepancies could lead to misalignment and unclear messaging.
There is no clear roadmap for effective engagement or communication between security leaders and their business partners and peer executives. The way that security leaders communicate with their business partners in the boardroom and the way that business leaders engage with security increasingly suffers from unintended misunderstandings. …
In business, communication is king. And yet, knowing when to communicate what message and to whom can be an art form. Pitch an idea before it’s fully baked and risk losing buy-in. Suggest a new program before you have the right level of support and miss out on budget dollars. Rather than thinking about communication as a formal deliverable or milestone that happens once everything is polished and “ready,” successful communicators, change agents and business leaders embrace their company’s “back channel.” …
Cybersecurity risk is an increasing focus area for board members, regulators, and business leaders across all industries. Executives are asking questions like: What are the cybersecurity threats that our company faces? What are our Crown Jewel Information Assets that we need to focus our resources on protecting? And just how well are we protecting our most critical or sensitive information assets?
Information Security Officers and Risk leaders have a multitude of control frameworks to consider when prioritizing security activities. Each of them covers slightly different focus areas and many of them overlap. Some of the most widely reviewed security standards and frameworks are: ISO 27001/27002, PCI DSS, CIS Critical Controls, and the numerous NIST documents (e.g. NIST CSF, NIST RMF, NIST 800-53). It’s easy to get lost in the plethora of frameworks, recommendations, and best practices. CISOs and Risk leaders should remain focused on what Crown Jewel Information Assets they have, why they are considered critical or strategic and use that to inform and prioritize security controls. …