Tag: ciso
-
RSAC 2025: The CISO to VC Transition
Welcome to the talk page for My Journey – CISO to Partner at a VC Firm, as given at the Tejas Cyber Entrepreneurship Summit. There isn’t a particular abstract, other than “How did you make the transition from CISO to Partner?”, and this talk aims to genericize the conversation. How to CISO relevant resources Talk…
-
Handbook: Applying Zero Trust Principles in a Cloud-Centric World
Zero Trust … but to Which Cloud? In the cloud-centric world enterprises increasingly operate in, there are different interesting environments that zero trust principles should be applied to. One of them we’ve somewhat talked about the evolution of the enterprise IT network. That network is becoming more and more obsolete, slowly being replaced with different…
-
Handbook: Environments
One challenge of being a CISO is understanding scope: when a colleague tells you a truth (hypothetically “We patch our systems regularly”), in what environment is that true? Maybe they’re just referring to the core Windows Domain servers, or possibly to desktops, but it’s easy for executives, including CISOs, to hear that as “we do…
-
RSAC 2025 CISO BootCamp: The Idealized CISO
Welcome to the talk page for A Unicorn Designed by a Committee: The Idealized CISO. You can find additional resources here! Abstract Every CISO arrives by a different path, and every executive has a different expectation of what a CISO actually does (besides “everything”). Where do these expectations come from, and how can you prepare…
-
How to CISO Volume 0: The Idealized CISO Job Description
Many companies are not in dire need of a CISO right now, but need to define a role for their future CISO, often including a plan to develop the incumbent security executive into a credible CISO. This guide provides a profile of the idealized CISO. Why idealized, and not ideal? Because a CISO is often…
-
Preview: How to CISO Volume 2: Risk Measurement
As a CISO, you’re often going to be asked to measure risk. This has a lot of different meanings, depending on who is speaking, so you’re going to have to listen carefully to the speaker to understand what they’re actually asking for. It’s possible that you’re being asked to provide a quantitative answer to the…
-
The Death of the CIO
CISOs grew up in the CIO’s blindspot. As cloud and SaaS bring IT and security back together, which will survive their impending deathmatch? A half-century ago, most corporations were paper-native: Their business processes all executed on paper from both back office (accounting) to go-to-market functions (sales and marketing). Their businesses were location-native: Revenue was often…
-
How to CISO Volume 1: The First 91 Days
Ninety days is generally the grace period (or “honeymoon,” if you’d like) that a new executive has to get acclimated to a new environment. At the end of this time window, your employer is going to expect you to be executing on a plan, anyone you need to meet will expect you to have already…
-
We don’t need another infosec hero
By setting yourself up as the defender, the solver of problems, you cast your business colleagues as hapless victims or, worse, threats. This is not a useful construct for engagement. There’s this belief among a lot of security professionals that we are special, in that we are the defenders of our companies. We like to…
-
CISOs are still chiefs in name only
If you’re not in the meeting where decisions are made, then you’re not part of the C-Suite—whatever your title may be. Look around the CISO community, and you’ll find signs of burnout everywhere. Where CISOs aren’t just quitting, you’ll find increasing tension between them and their executives, sometimes resulting in surprising departures. Ply a friendly CISO with…