3 Steps To Become A CISO (Chief Information Security Officer)

  • Published: Dec 22, 2024

Comments

  • @folgamiguel91 3 years ago +7

    I'm only just beginning on my cybersecurity journey. This was amazing information. I may not be close to becoming a CISO just yet, but just having knowledge of what it takes puts you so many steps ahead. I was totally unaware that organizations had such a crappy way of simply firing a CISO based off 1 attack because they have such unrealistic expectations. Communication is key as always.

    • @andilestulo2127 2 years ago

      Good luck on your journey my bro, I share your sentiments too, esp. with only one break people get suspended just like that.

  • @MaximumJusticeCybersecurity 4 years ago +2

    Thanks for the inspiration Eric.

  • @lighthunter1980 3 years ago +3

    Honestly, I was sceptical about this channel with only a few subscribers. I thought the content quality would be meh... Boy was I wrong!
    I have listened to several episodes and the presentation is concise and super helpful. Thank you for all the work that goes into these videos.

  • @uzairdbd 2 years ago

    Thanks, Eric. I am really impressed with how you explained the position of a CISO and the logic behind firing the CISOs.
    If I may ask, could we possibly utilize the risk score metric to be an alternate metric for a CISO?
    The way it works is:
    1. Determines an overall system security category for the component, assigns the security control “baseline” (Low/Moderate/High), and calculates the initial risk score modifier.
    2. Generate risk profile for the identified components (this requires regular inputs from the systems or stakeholders).
    3. The sum of all component potential risk equals the system potential risk.
    And possibly reducing the risk score could be the metric to project improvements in the organization's security posture and work of a CISO.
    Would appreciate your thoughts on this.

  • @dejenwogayehu1240 3 years ago +2

    Excellent advice and very practical information

  • @poorinvestor 1 year ago

    Any company not security specific may make a CISO independent from CIO. Any other cooperation that is a hard trend to break.

  • @Theinsomniac826 4 years ago +2

    This is a good video. Thanks!

  • @rajeshsanthanagopalan5955 4 years ago

    Awesome and an eye opener in setting priorities.

  • @Pepitoyugi514 4 years ago +1

    Hi!
    Could you please give examples on how to find attempted attacks?
    Thanks!

    • @sgkingori1 3 years ago

      Eric,
      How do we measure attempted attacks? Where do we collect data to come up with attempted attacks?

  • @navypackman 2 years ago

    Do CISOs in the private sector have to take polygraphs?

  • @mitchodonnell3976 3 years ago

    Security posture as a metric. Give it a percentage rating. The percentage is made up of:
    How many attacks per day.
    How many end points are covered/not covered. (Laptops, instances, etc.)
    Vulnerabilities patched within given windows.
    I agree the Attacks per day is a great metric, but you can scale that out by measuring security posture as a CISO metric.

    • @mitchodonnell3976 3 years ago

      If you are in a SaaS type world, I'd even throw in how many pipelines have your SAST, DAST, SCA checks in place. I'd definitely throw in red teaming and purple teaming into a subsection of the attacks per day. For sure those teams catch C level attention.

    • @mitchodonnell3976 3 years ago

      Oh god, you do go deeper into this at 24:15 haha should have watched the entire video before posting my thoughts.

  • @blazinchannel5943 4 years ago

    Eric - these are super helpful!!! I’d love to hear more regarding building out a security program. :-)

  • @decolores82 3 years ago

    I am seeing a lot of talk surrounding digital business strategy, and as CISOs, since we need to understand this and be able to speak to the executive team in terms of a cybersecurity strategy, could you do a Life of a CISO episode?

  • @Perkeno 4 years ago +1

    Great video. I agree, the CISO should not report to the CIO.

  • @MR-cs6vo 3 years ago +1

    I'm an undergraduate student. I find this content very helpful and I want to participate in your course class in future, insha Allah.

    • @DrEricCole 3 years ago

      Have you checked out the Becoming a CISO Masterclass? You might find this useful: safe.secure-anchor.com/nl-web-ciso46668983

  • @greggh 2 years ago

    Just off the top of my head. Give the execs both the number of attempted attacks and the number of vulnerabilities. And give them the ratio value for the month of AA/V. Track that over time and see if that ratio value is changing due to AA or V.

  • @Theicebergx 4 years ago

    Great show

  • @MegaherzX 4 years ago

    Could something like FAIR be of help to find the right CISO Metric?

  • @franck-ericdaha9653 3 years ago +1

    I got 22, I wanna be a CISO and I like it.

  • @patelgaurav4808 4 years ago

    Hi, can you tell me the road map to become a CISO after high school?