CISO MindMap 2022, Top CISO Strategies, & The Missing Link in Cybersecurity – BSW #263
In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. CISO MindMap 2022: What do InfoSec Professionals really do?
  Recommendations for 2022–2023:
  1. Re-evaluate ransomware defenses, detection and response capabilities; perform a business impact analysis and identify critical processes, applications and data.
  2. Reduce/consolidate security tools/technologies and vendors. More tools don’t necessarily reduce risk but do add the need for maintaining expertise on security teams.
  3. Train staff on business acumen, value creation, influencing and human experience to serve business better. I can’t emphasize this enough.
  4. Take an inventory of open source software (both direct and indirect use) and make it part of your vulnerability management program.
  5. Build team expertise in technology fields including machine learning (ML) models, model training, API security, service mesh, containers, DevSecOps.
  6. Maintain a risk register.
- 2. World’s Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of Risk
  Ground-breaking analysis reveals industry metrics and best-performing cybersecurity strategies:
  1. Take cybersecurity maturity to the highest level
  2. Ensure cybersecurity budgets are adequate
  3. Build a rigorous risk-based approach
  4. Make cybersecurity people centric
  5. Secure the supply chain
  6. Draw on latest technologies but avoid product proliferation
  7. Prioritize protection of links between information and operating technologies
  8. Harness intelligent automation
  9. Improve security controls for expanded attack surfaces
  10. Do more to measure performance
- 3. Equifax’s Jamil Farshchi: Security shouldn’t be a trade secret
  Equifax CISO Jamil Farshchi has pulled back the curtains on cybersecurity operations, saying that he believes “transparency to all stakeholders to the deepest degree reasonable” makes for a more secure company.
- 4. CISO Shares Top Strategies to Communicate Security’s Value to the Biz
  5 Key Tips for Communicating Security Effectiveness:
  1. Know your audience
  2. Don't start with metrics
  3. Be quantitative
  4. Remember that security is a team effort
  5. Pair empowerment with accountability
- 5. The missing link in the cybersecurity market
  I’d like to offer a different approach to solving the market failure, so organizations can enjoy the benefits of both worlds – mitigating cyberthreats through a range of products without drastic integration and maintenance efforts. Vertical innovation should continue to protect new technologies and neutralize new threats; however, at the same time, entrepreneurs and venture capitalists need to encourage horizontal innovation. Horizontal innovation sprouts “horizontal products,” weaving together capabilities from different categories and segments into an effective defensive front. At the core of horizontal innovation lies smart integration, orchestration and automation capabilities powered by AI algorithms.
- 6. Security leaders chart new post-CISO career paths
  CISOs themselves, however, have some pathways mapped out:
  - 47% of survey respondents said they want to become board members;
  - 44%, chief security officers (a role that includes physical as well as information security);
  - 18%, entrepreneurs/consultants;
  - 16%, chief risk officers;
  - 12%, CIOs;
  - 8%, private equity officers;
  - 3%, CEOs; and
  - 2%, developers of new tools at a security firm.
  Some 5% said “other,” while 3% said they preferred not to answer. Only 9% wanted to retire.
- 7. 5 Interview Questions That Screen for Success in Hybrid Workplaces
  Suppose you're hiring for a new hybrid role. In that case, it's important to remember that you'll be screening a diverse mix of candidates, some of whom are familiar with working independently and some of whom may be entirely new to in-office work. To hire for success, consider asking the following questions.
  1. What makes you want to work in a hybrid work environment?
  2. If you have worked in a remote or hybrid role before, what were the challenges you faced and how did you overcome them?
  3. What's your ideal schedule in a hybrid role -- how often would you like to work at home and be in the office?
  4. How essential are teamwork and collaboration to you, and how do you expect to make them work while working remotely?
  5. How comfortable are you with learning new technology?