Business Ethics and the CISO – Troy Stairwalt – CSP #111
As risk practitioners, CISOs make risk-versus-reward decisions on a daily, and sometimes hour-by-hour, basis. As a profession we must understand our organization's risk tolerance and appetite as well as our own. Regulations are lagging indicators: SOX was established as a direct response to unethical behavior.
Unfortunately, regulations in cybersecurity and data privacy are also "lagging indicators." They show that organizations "left to their own devices" have failed to allocate sufficient, reasonable, cost-effective resources to mitigate significant risk in prudent ways, ways that would place the organization in a position to demonstrate both due diligence and due care in a worst-case scenario.
CISOs must:
1. Understand your organization's risk tolerance and appetite.
2. Know your own risk tolerance and appetite, as well as your personal code of conduct and ethics.
3. Build and maintain your "rainy day", emergency or, as my more colorful colleagues refer to them, FU funds.
4. Find your calm, peace and happiness. These days, mine is yoga and meditation. What is yours?
5. To avoid stressful days and sleepless nights, maintain your integrity and sense of humor!
Guest
Former CISO, Akron Children’s Hospital
Former CISO, Westfield Insurance
With more than 20 years of information security experience, Troy Stairwalt’s expertise includes cybersecurity strategy, program management, information security analysis, engineering, IT risk assessment, data privacy, cybersecurity architecture and cyber forensic investigations. Looking for ways to empower others and give back by sharing his knowledge, Troy spent several years volunteering with a group of internationally recognized experts to write, review and revise both the Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certification exam questions, answers and plausible distractors, helping the next generation of experts remain current with industry best practices. Because these exams are administered internationally, the questions and answers had to maintain technology, cultural and regulatory independence. In addition, Troy was asked to provide mentorship for the SANS 504 course, Hacking Techniques, Exploits and Incident Handling. Troy currently teaches cybersecurity and information systems auditing at the University of Akron.
Graduating summa cum laude, Troy obtained his master’s degree in Business Administration (MBA) from Ashland University.
Troy’s professional credentials include:
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Insider Threat Program Manager (ITPM)
• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP)
• GIAC Certified Incident Handler (GCIH)
• Certified Data Privacy Solutions Engineer (CDPSE)
Host
Todd Fitzgerald promotes CISO/CPO leadership via the SC Media CISO Stories weekly podcast, advisory board participation, and international speaking engagements. Todd serves as VP, Cybersecurity Strategy, CyberRisk Collaborative. Todd has authored five books, including the #1 New Release (2024) Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs, and the #1 best-selling (2019–2023) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Named 2016–17 Chicago CISO of the Year, Todd has held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.