
OODAcast: Technology Risk Executive and former NASA CISO and CIO Jerry Davis
Jerry Davis has spent decades succeeding in hard jobs supporting critically important missions. He is a decorated combat Veteran who served in he US Marines for 11 years including in Operation Desert Storm/Desert Shield. He also served in the Central Intelligence Agency in service to world wide missions including leveraging technology in denied areas against high profile targets. Jerry would later become the first CISO at the US Department of Education, then the CISO for NASA and later the CISO for the Department of Veterans Affairs. He returned to NASA as the CIO for the Ames Research Center, a position he held till 2018.

Seeking Security Alpha
In cybersecurity, it has long been assumed that the attacker has the advantage and that defenders must deploy a disproportionate amount of resources (time, money, etc.) to even try and maintain some parity. In this piece, we’ve conducted interviews with two successful CISOs to provide insight into how they view security alpha issues. Mark Weatherford is a highly experienced and successful CISO who has worked in the public sector at both the state and federal level and also as a CISO for multi-billion dollar commercial organizations. Our Global FS CISO currently works as the Global CISO at one of the largest financial services firms in the world and has 25 years of experience working on cybersecurity and risk management issues.
Their responses provide direct insight into how they work to improve the ROI of their program and increase attacker cost.

OODA Network Interview: Tom Quinn
Tom Quinn turned an education in the U.S. Navy into a lifetime of learning. Read how Tom used his military skillsets to prepare him for some of the most important positions in the country: CISO at a the world’s largest financial firms including his current role as CISO at Investment Firm, T. Rowe Price.
“Using data science to create insight is where we are spending a lot of time. Tools and controls are necessary and still effective, but they don’t discover the things you don’t expect to find. You need ML/AI for that – to produce a picture of what is normal and identify what isn’t.”

11 Habits of Highly Effective CISOs
What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations. With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community.
Federal CISO: Better Info Sharing Will Lead to More Secure Supply Chain
According to the Federal CISO Grant Schneider, supply chain security threats will be on the rise in 2020, culminating with guidance from the Federal Acquisition Supply Chain Council, which was created in late 2018. The council was formed under the SECURE Technologies act and is compromised of civilian agencies, the
Attention cybersecurity entrepreneurs: CISOs want simplicity!
As the cybersecurity field matures and enterprises face elevated security stacks due to the variety and sophistication of cybersecurity threats, it is critical that cybersecurity entrepreneurs address how to differentiate their organization and insert their offerings into these stacks. Cambell Soup Company CISO Renee Guttmann states that she has been

Embracing a Future of Technical and Political Churn
Two things happened last week that will ultimately have a huge impact on almost every American consumer alive today.

10 Rules For Cybersecurity Salespeople
The cybersecurity market is so congested, it can be difficult to establish a dialogue with overwhelmed CISOs.

GAO Federal CISO Report
Under the Federal Information Security Modernization Act of 2014 (FISMA 2014), the agency chief information security officer (CISO) has the responsibility to ensure that the agency is meeting the requirements of the law, including developing, documenting, and implementing the agency-wide information security program. However, 13 of the 24 agencies GAO