According to some old research from Ponemon and F5 I recently rediscovered today, 74% of the respondents to a 2017 survey said that their security programs weren’t aligned with the objectives of the businesses they were trying to protect. And even today, I spoke to a very modern bank in the middle of a massive […]
What’s really keeping you from making credible strategic security plans?
A couple of interesting things in my inbox yesterday. First there was this article talking about the challenges of building credibility with the business as a CISO. Their list of the top issues in this area was: the ability to get initial buy-in from fellow executives on security strategies and initiatives and how they support […]
“The business” doesn’t care about cybersecurity
I recently had a conversation with someone who was lamenting about how difficult it was to connect and to communicate with “the business”—you know, the “everyone who isn’t in IT or Security” part of the organization… …that same organization you’re busting your backside every day to protect and keep safe. Yeah, those people. Now maybe […]
Speaking CEO
One of the CISOs I follow on Twitter triumphantly tweeted (oohhhh….’lotta ‘literation there): “I think I managed to speak CEO effectively today.” And I think that’s great. It’s an achievement…and it’s also something that’s a bit like Steven Wright’s photo of Houdini locking his keys in his car—very rare. The question is, what are we […]
Avoiding the lava of stakeholder interviewing
Today was the “back to school” night for my son’s school, and one of the things we got to see was what they were doing in the new classroom, and in particular, the “identity board” project they’d been working on for the last week or so. And in the upper left corner was a picture […]