Tips from Top CISOs

Tips from industry-leading CISOs

Tip: Always be willing to collaborate, help, aid, and assist.
Zachery S. Mitcham
Chief Information Security
& Compliance Officer
North Carolina Central University
We can all benefit from viewing the problem from different vantage points. Collaboration is the life blood of Information Security.
Tip: Never Pay Lip service to your Security Awareness Program
Favour Femi-Oyewole
Certified Chief Information Security Officer
Awareness training is an essential part of securing an organization. However, the idea should be to create a security culture, not merely to make people knowledgeable. If it is handled as a tick-the-box exercise, it heads into failure. If it lacks top management involvement and support, it results in futility. If it is not a continuous activity using a strategy that targets imbibing a security culture among the employees, it makes a mess of every other good thing the CISO is doing. CISOs should “market” information security and cybersecurity best practices as a matter of personal importance that promotes the protection of home and family.
Tip: Be A CISO That Walks Around
Tyson Martin
Take your lead from Bill Hewlett & Dave Packard’s example of management by walking around. Get outside your security safety zone and stroll around the office, talking to others from other teams about their latest initiatives and goals. The relationships you build and the things you learn will be priceless in the cultural transformation you have ahead of you.
Tip: No CISO is an Island of Knowledge
Favour Femi-Oyewole
Certified Chief Information Security Officer
The importance of CISOs sharing information among each other and learning trends from one another is essential. Avoid the silo mentality; we all need one another in this global village.
Tip: The 6 or 9 approach.
Jothi Dugar
CISO, National Institute of Health
If two people stand on either end of the number 6 or 9, both will see a different number, yet both are right in what they see. Many times in organizations there seems to be a dynamic in which CISOs and CIOs and their technical operations personnel are on opposite ends of the same "number" and feel the need to prove either side wrong. Being a successful CISO requires you to look at situations from a different perspective and to have strong communication skills, so that you can communicate effectively with diverse groups of people in a "language" that resonates with them without making anyone right or wrong.
Tip: The CISO needs to understand the business.
Favour Femi-Oyewole
Certified Chief Information Security Officer
I ensure time is created even in the midst of no time to read business books that broaden my knowledge on how to interface with business people in my organization. My job is to help all the stakeholders in the business and ensure their activities align with the security program.
Tip: Invite yourself to peer staff and leadership meetings whenever possible
Chuck McGann
Independent Security Consultant
Tip: CISO as a True Corporate Advisor
Favour Femi-Oyewole
Certified Chief Information Security Officer
A CISO who has matured to the level of Corporate Advisor will easily have his/her way and have many in the organization consulting him/her on different issues, even outside of security stuff, because the CISO function is seen as an enabler. The opposite will lead to the CISO being in the dark about so many things happening in the organization.
Tip: Stress Test Your Cybersecurity Program
Tari Schreider
Cybersecurity Strategist, Author & Instructor

In my career, I have assessed literally hundreds of cybersecurity programs. Of those programs I reviewed, less than five percent were ever stress tested. Having a program audited or assessed does not constitute stress testing. Audits and assessments only serve to review control existence, not execution or performance. One has to purposefully test the reactions of their cybersecurity program and staff against a number of scenarios or simulated attacks.

I have found that the NIST Cybersecurity Framework (CSF) is perfectly suited as a baseline, particularly the Detect, Respond, and Recover functions. Next you would select a hypothetical data breach or cyber-attack scenario as a test of your organization’s ability to react to the simulated event. The stress test is an advanced tabletop exercise and is best carried out unannounced, using a scenario ripped from today’s headlines. Your staff can only use what is presently documented within your organization’s cybersecurity program. You will be amazed at how the stress test unfolds.

Tip: Never be too quick to accept blame.
Dr. Curtis KS Levinson
United States Cyber Defense Advisor to NATO
Privacy, Cyber Defense, Compliance,
Continuity/Recovery,
Secure Cloud & Information Governance
Very often, the CISO tends to be the dumping pit for everything that goes wrong. After one zero-day attack, even when you’re as fully prepared as the budget allows, everyone wants to fire the CISO. Even when the budget has been tightly restricted (as it often is), the CISO gets blamed for every cyber incident. Don’t be afraid to push back: cite budget and staff limitations and quote as many statistics as possible. Always hang tight.