Building a Risk-Based Cybersecurity Architecture

I have recently joined the Cybrary Mentorship Program. I have really enjoyed my time thus far, providing students across the globe with a few insights from my time in the field working as a CISO, architect, designer, and systems engineer. I am helping the guys at Cybrary with their CISO-based syllabus and recently participated in …

The Why and How of Talking Tech with the Board: 3 Strategies to Help Them “Get” Cybersecurity

Nobody wants their enterprise to be the victim of the next big data breach. For chief information security officers (CISOs) and others who eat, breathe and sleep technology, the solutions seem obvious; there are, after all, not many times, waking or sleeping, that we’re not thinking cybersecurity best practices. But there’s a hidden danger to …

How to engage with the C-suite on cyber risk management, part 3

Understanding KPIs and KRIs. In the first and second parts of our series on engaging with boards on cyber risk management, we explained what today’s boards needed to know about security. In this article, we’ll deep dive into some of the metrics associated with our four-step methodology for qualifying threats and prioritising risk (see details in part 2). The ultimate …

How to engage with the C-suite on cyber risk management, part 2

In Part 1 of this series on delivering meaningful metrics to boards, I talked about the need to discuss security risks in ways that relate to board concerns. Many CISOs are reporting the wrong metrics to boards — for example, a malware platform supposedly finding 333 million malware alerts or 234,333 wrong password entries. Without context …

How to engage with the C-Suite on cyber risk management

Enron changed the world of finance and the energy industry forever, and the early days of the Equifax hack look as though this breach could change the face of the credit industry and cybersecurity forever. That a single company could amass so much financial information on an individual and be as poorly defended as it …
