Categories: CISO Blog

How to have an impact on the Board as a CISO / CSO

Board members have a rough time of it making sure that companies are well managed and that the #leadership do right by both the staff and the shareholders. Therefore, when you as #CSO / #CISO present to the Board, make sure your message is clear, concise and in English. Paint a clear picture of the Security Risk the business is facing, the mitigating actions you have taken and the residual risk. When you ask for investment in your projects come …


Ian 2021

I am tired of negativity, bleeding media, fail pointing and the general complaining that has taken over the world. This life we have is precious, fragile and short, so why do you waste what little time you have on Not enjoying Life? When you leave this world, and you will, what will you be remembered for? I want to be remembered for bringing smiles to faces, being a source of encouragement…someone who will be missed.


The CISO’s soapbox

To be honest, even I am tired of SolarWinds, and I think that the employees of SolarWinds are equally tired of being used as the day’s bad example or by some other vendor: “ohhhh look they did that wrong but if they used our kit then this would not have happened because we do it right”. I bet you they don’t…. I will bet you good money that any “vendor’s” network can be breached and used as the next example …


Cyber Security in your Supply chain…. Do you need it?

You should not need to think about the answer to this question; it should be an automatic YES. The question you will be asked is “Why is it important to my business, we don’t do logistics we do ###”. Supply chain is not just about the movement of items but anything you need to keep your business a going concern. Any “body” that supplies your business with services or product is your supply chain and they must be able to …


The CISO Blog….again

It has been reported that Internet-Enabled Crime for 2020 exceeded $4.2 Billion in the US alone…and who knows what the actual figure globally is.

Key items for #leadership and #ciso to look at going forward:

- Supply chain security … yes, that includes your security products. Are they as secure as you are? Can they prove it?
- People Security…. Invest in training and awareness and make it part of their KPIs / Bonus calcs
- Identity analytics….if you cannot answer these …


If you are using LastPass as your password manager read on….. if not read on anyway.

It has come to light that LastPass is sharing tracking information with various providers, such as Google and Segment. The report states that “Even the app developers do not know what data is collected and transmitted to the third-party providers”. So how comfortable do you feel about your password manager now? Free stuff is NEVER free.

“1Password has none, KeePass has none… So why are there seven embedded trackers in the LastPass Android app?” • The Register


The risk of End of Life equipment

Disregarding End of Life (EoL) and End of Maintenance (EoM) in real life leads to the epic compromise of customers in what they call a “one-two punch”: first they had their info stolen, then they were held to ransom. “Software company Accellion has released preliminary findings around the security incident that has stung some customers that used its 20-year-old File Transfer Appliance.” https://www.inforisktoday.com/accellion-how-attackers-stole-data-ransomed-companies-a-16038?rf=2021-02-24_ENEWS_SUB_IR__Slot1_ART16038&mkt_tok=eyJpIjoiWlRBNVpEZ3hNalJsT1RObSIsInQiOiJ4Q1p1ZlBwMkdtSHVjRkVjekY1dnhCZjVZUE5leWlpNVE3WUF2ZXZpRDRsRG5nYjBRZVlHcWtHejJqK2p1cDM3c3VjUWdpUHdrMVR5YWZVN2FVRzgxaDBXemE2aVh3ZDV5MnVUWktTZ2lcL1B5bTFsYnVoenVCKzUyUWlndWlMazBPUXZaVkZBcjNIRkZZc1V3OFpQVkJnPT0ifQ%3D%3D


The after effects of Hurricane SolarWinds

White House Executive Action imminent….. I grabbed one item out of the release; it is one that I have been waiting for and I am sure most other #ciso have also. It is time that business #leadership understands that the CISO can no longer report to the CIO, for the same reasons that #Risk and #internalauditing are separate units. The CISO needs that independence to execute their function. https://www.databreachtoday.com/white-house-preparing-executive-action-after-solarwinds-attack-a-16024?rf=2021-02-19_ENEWS_SUB_DBT__Slot1_ART16024&mkt_tok=eyJpIjoiWVdZM09EWTNOR1F5TnpSbSIsInQiOiJDcUVRUCtLMzZJR1ZQMytINXlxK3duYWgzTEZlNkEwRnRXd1czbFpEOTdJNWxnQVR6VVU0Tnh4SkxKTjB5aE5NVTZzdG1TcVNuaG5oNFdSRHlQZUxUXC9IZkpvenE0UU1LaVRtSnVKalVtenR4eHlnOEF4ZzYrXC9heG1sZGNNRE95aXJcLzdWZjVcL3lwV3dzcnR0REVJaG1RPT0ifQ%3D%3D “Since the position of the CISO was created, most report to the chief …