What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations. With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community.
Watching the conclusion of the DARPA Cyber Grand Challenge at Def Con in 2016 felt like getting a glimpse into the future. At the time, and in subsequent media interviews (New Scientist, Cipher Brief) I noted that I had been caught by surprise and went into the event expecting incremental