In cybersecurity, it has long been assumed that the attacker has the advantage and that defenders must deploy a disproportionate amount of resources (time, money, etc.) to even try and maintain some parity. In this piece, we’ve conducted interviews with two successful CISOs to provide insight into how they view security alpha issues. Mark Weatherford is a highly experienced and successful CISO who has worked in the public sector at both the state and federal level and also as a CISO for multi-billion dollar commercial organizations. Our Global FS CISO currently works as the Global CISO at one of the largest financial services firms in the world and has 25 years of experience working on cybersecurity and risk management issues.

Their responses provide direct insight into how they work to improve the ROI of their program and increase attacker cost.

Tom Quinn turned an education in the U.S. Navy into a lifetime of learning.  Read  how Tom used his military skillsets to prepare him for some of the most important positions in the country:  CISO at a the world’s largest financial firms including his current role as CISO at  Investment Firm, T. Rowe Price.

“Using data science to create insight is where we are spending a lot of time.  Tools and controls are necessary and still effective, but they don’t discover the things you don’t expect to find.  You need ML/AI for that – to produce a picture of what is normal and identify what isn’t.”

What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations.  With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community. 

According to the Federal CISO Grant Schneider, supply chain security threats will be on the rise in 2020, culminating with guidance from the Federal Acquisition Supply Chain Council, which was created in late 2018. The council was formed under the SECURE Technologies act and is compromised of civilian agencies, the

As the cybersecurity field matures and enterprises face elevated security stacks due to the variety and sophistication of cybersecurity threats, it is critical that cybersecurity entrepreneurs address how to differentiate their organization and insert their offerings into these stacks. Cambell Soup Company CISO Renee Guttmann states that she has been

Two things happened last week that will ultimately have a huge impact on almost every American consumer alive today.

The cybersecurity market is so congested, it can be difficult to establish a dialogue with overwhelmed CISOs.

Under the Federal Information Security Modernization Act of 2014 (FISMA 2014), the agency chief information security officer (CISO) has the responsibility to ensure that the agency is meeting the requirements of the law, including developing, documenting, and implementing the agency-wide information security program. However, 13 of the 24 agencies GAO