Cybersecurity Trends for the Chief Information Security Officer

On this episode of Life of a CISO, host Dr. Eric Cole reviews the state of IT today and how it affects cybersecurity trends.

Remote access is not just the future of tech, it’s the present.

Remote clients, including BYOD, are becoming the norm, and “thin clients” are about to break out and become the new normal for business computers.

A common mistake that CISOs continue to make as they guide their companies through this transition is trying to be the hero and becoming the tactical guy, when the job of the CISO is not to get into the weeds but to set the strategy and coordinate with the IT team, who will execute the strategy.

Dr. Cole follows this up with a brief history of IT, because wherever security goes, information technology has already been there.

Finally, he ends with a good, but not perfect, metric for measuring your success as a CISO. Remember, when becoming a CISO, there is no such thing as 100% security as long as there is functionality, so explain this to the executive and agree on how you define success, or you’ll have a short career as a CISO.

In this episode:

  • 0:01 WELCOME
  • 0:44 Lessons I’ve learned “Control/manage not build”
  • 1:43 A CISO is either 1 or a small team. The tactical work is separate.
  • 2:50 Remote work
  • 2:48 second lesson
  • 4:40 BYOD is back, baby!
  • 5:33 Step back and assess the changes in the last 6 months
  • 7:26 CISOs need multiple crystal balls.
  • 7:55 Thin clients will be the future
  • 10:04 Thin clients solve these problems
  • 11:48 One more lesson: You are a strategist, not a hero
  • 13:42 The newer model
  • 15:23 Stop building and start managing (redux)
  • 16:04 A successful CISO will change some premises in the organization
  • 17:28 The evolution of IT, and how it helps you see the progress of security
  • 17:47 In the 80s…
  • 19:05 In the 90s…
  • 20:27 Comparing the evolution of security
  • 22:02 Why things changed
  • 24:15 The “Five nines” metric is not a good metric.
  • 26:19 Why attempted attacks is actually a good metric
  • 29:24 Keep it short and sweet
  • 29:48 Closing advice