What it Really Means to be a Chief Information Security Officer: What is a CISO?
Join us as Dr. Cole reviews what it really means to be a Chief Information Security Officer on today’s episode of Life of a CISO.
A CISO’s primary job is oversight and accountability.
In order to do this, a CISO must understand what the organization’s cybersecurity threats are, and communicate that information to both executives and engineers.
Do you possess the communication skills necessary to be a great CISO?
In this episode:
- 1:10 What really is a Chief Information Security Officer?
- 2:42 A CISO is an executive who understands cybersecurity and can translate it to executives
- 5:02 How hard is it to break a weak password?
- 6:33 Advanced attacker doesn’t mean advanced attack vector
- 7:38 The difference between a major and minor breach
- 8:40 Are you lying to yourself if you were successfully attacked?
- 10:16 What do we know?
- 10:46 Golden rule of firewalls is all connections must go through one
- 12:49 Until we have international internet police, companies have to step up
- 14:24 I believe the CISO’s role is oversight and regulation
- 16:03 Don’t get too technical
- 18:00 Executives understand one thing best: Money!
- 18:43 4 columns
- 20:20 The problem with cool new products
- 23:20 Why breaches go undetected
- 25:44 Executives think spending money means you are 100% secure
- 26:56 Why my procedure works
- 29:23 Risk, not the solution, drives the equation
- 30:12 One final warning
- 31:46 Would your exact budget fix the problem?
- 35:34 Wrap up