25 Apr 2022

4 questions every CISO should be asking about the metaverse

The metaverse is coming — and it’ll be here sooner than you might think. Gartner forecasts that by 2026, a quarter of people will spend at least an hour a day in the metaverse. This is great news for businesses, as it will unlock new business models and ways of

10 Sep 2021

The Man Who Protects Our Secrets: Bob Bigman on Mitigating Enterprise Risks

Bob Bigman spent a career in the intelligence community. He was the CISO of the CIA, where he was tasked with leading efforts to protect the nation’s most sensitive secrets. Since 2012 he has provided direct consulting services to CISOs, CIOs, CTOs and CEOs seeking to reduce risk and improve security programs. Through it all he has built a reputation for rapidly assessing the state of enterprise security programs and then working to build action plans to drive continuous improvement. This OODAcast examines aspects of Bigman’s approach to security that can inform your own approach. We also solicit his views on compliance and security checklists, metrics, and the state of the IT industry (he does not hold back on any of those!).

01 Jul 2021

Pentagon CISO Suspected of Sharing Secrets

Katie Arrington, a top cyber official at the Pentagon, is reportedly on leave while claims that she leaked classified intelligence are being investigated by the Defense Department. Arrington served as the chief information security officer (CISO) for Acquisition and Sustainment at the Defense Department. Arrington was hired in 2019 under

06 Nov 2020

OODAcast: Technology Risk Executive and former NASA CISO and CIO Jerry Davis

Jerry Davis has spent decades succeeding in hard jobs supporting critically important missions. He is a decorated combat veteran who served in the US Marines for 11 years, including in Operation Desert Storm/Desert Shield. He also served in the Central Intelligence Agency in service to worldwide missions, including leveraging technology in denied areas against high-profile targets. Jerry would later become the first CISO at the US Department of Education, then the CISO for NASA and later the CISO for the Department of Veterans Affairs. He returned to NASA as the CIO for the Ames Research Center, a position he held till 2018.

21 Jul 2020

Seeking Security Alpha

In cybersecurity, it has long been assumed that the attacker has the advantage and that defenders must deploy a disproportionate amount of resources (time, money, etc.) to even try and maintain some parity. In this piece, we’ve conducted interviews with two successful CISOs to provide insight into how they view security alpha issues. Mark Weatherford is a highly experienced and successful CISO who has worked in the public sector at both the state and federal level and also as a CISO for multi-billion dollar commercial organizations. Our Global FS CISO currently works as the Global CISO at one of the largest financial services firms in the world and has 25 years of experience working on cybersecurity and risk management issues.

Their responses provide direct insight into how they work to improve the ROI of their program and increase attacker cost.

03 Apr 2020

OODA Network Interview: Tom Quinn

Tom Quinn turned an education in the U.S. Navy into a lifetime of learning. Read how Tom used his military skillsets to prepare him for some of the most important positions in the country: CISO at the world’s largest financial firms, including his current role as CISO at investment firm T. Rowe Price.

“Using data science to create insight is where we are spending a lot of time.  Tools and controls are necessary and still effective, but they don’t discover the things you don’t expect to find.  You need ML/AI for that – to produce a picture of what is normal and identify what isn’t.”

18 Dec 2019

11 Habits of Highly Effective CISOs

What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations.  With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community. 

21 Nov 2019

Federal CISO: Better Info Sharing Will Lead to More Secure Supply Chain

According to Federal CISO Grant Schneider, supply chain security threats will be on the rise in 2020, culminating with guidance from the Federal Acquisition Supply Chain Council, which was created in late 2018. The council was formed under the SECURE Technologies Act and is composed of civilian agencies, the

13 Nov 2019

Attention cybersecurity entrepreneurs: CISOs want simplicity!

As the cybersecurity field matures and enterprises face elevated security stacks due to the variety and sophistication of cybersecurity threats, it is critical that cybersecurity entrepreneurs address how to differentiate their organization and insert their offerings into these stacks. Campbell Soup Company CISO Renee Guttmann states that she has been

04 Jul 2018

Embracing a Future of Technical and Political Churn

Two things happened last week that will ultimately have a huge impact on almost every American consumer alive today.
