What it Really Means to be a Chief Information Security Officer: What is a CISO?

Join us as Dr. Cole reviews what it really means to be a Chief Information Security Officer on today’s episode of Life of a CISO.

A CISO’s primary job is oversight and accountability.

In order to do this, a CISO must understand what the organization’s cybersecurity threats are, and communicate that information to both executives and engineers.

Do you possess the communication skills necessary to be a great CISO?

In this episode:

  • 1:10 What really is a Chief Information Security Officer?
  • 2:42 A CISO is an executive who understands cybersecurity and can translate it to executives
  • 5:02 How hard is it to break a weak password?
  • 6:33 Advanced attacker doesn’t mean advanced attack vector
  • 7:38 The difference between a major and minor breach
  • 8:40 Are you lying to yourself if you were successfully attacked?
  • 10:16 What do we know?
  • 10:46 Golden rule of firewalls is all connections must go through one
  • 12:49 Until we have international internet police, companies have to step up
  • 14:24 I believe the CISO’s role is oversight and regulation
  • 16:03 Don’t get too technical
  • 18:00 Executives understand one thing best: Money!
  • 18:43 4 columns
  • 20:20 The problem with cool new products
  • 23:20 Why breaches go undetected
  • 25:44 Executives think spending money means you are 100% secure
  • 26:56 Why my procedure works
  • 29:23 Risk, not the solution, drives the equation
  • 30:12 One final warning
  • 31:46 Would your exact budget fix the problem?
  • 35:34 Wrap up