BSW #269 – Mike Goldgof

Matt Alderman

1. A ‘CISO evolution’ means connecting business value to security
   As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite.
2. How CISOs can prepare for new and unpredictable cyberthreats
   CISOs often ask, “How do I avoid being hit by the next major cyberattack?” The problem is, that’s the wrong question. CISOs must focus on three core areas: 1. Strengthen the resilience of your security program 2. Build flexibility into security designs 3. Engage executives with the business value of cybersecurity readiness
3. 8 Leadership and Management Principles from Ex-Navy Seal?—?Jocko Willink
   In his book titled Extreme Ownership: How US Navy Seals Lead and Win, he explains some key leadership concepts that he learned from his time in the seal teams and how he use them to coach leaders in the corporate world as part of his corporate leadership consulting practice: 1. It’s My Responsibility 2. Belief 3. Prioritize and Execute 4. Decentralized command 5. Lead down the chain of command 6. Leading up the chain of command 7. Being decisive amidst uncertainty and execute 8. Discipline equals freedom
4. Practice Transparent Leadership
   Here’s what it takes to be a transparent leader: 1. Be Honest 2. Be Open And Accessible 3. Ask Questions And Show Interest 4. Confront Difficult Situations 5. Provide Access To Information 6. Involve People In Decision-Making
5. How to Move from Strategy to Execution
   Three out of every five companies rate their organization as weak on strategy execution. When you dig into the potential barriers to implementation, there is a general lack of understanding of the various factors at play, resulting in the inevitable managerial justifications — “poor leadership,” “inadequate talent,” “lack of process excellence,” etc. This article suggests three key steps to build the right execution system: 1) a good strategy, 2) the right organization, and 3) effective management. With these three ingredients in place, human ingenuity can be unleashed, and employees can collectively deliver on the company’s strategic goals.
6. Gartner: 8 Ways Cybersecurity Will Change Companies
   From zero trust flops to possible limits on ransomware payments, Gartner outlines its security-related predictions for 2022-2023: 1. ‘Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70 percent of global GDP.’ 2. ‘By 2025, 80 percent of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.’ 3. ‘60% of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits’ 4. ‘By 2025, 60 Percent of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.’ 5. ‘Through 2025, 30 Percent of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1 Percent in 2021.’ 6. ‘By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties’ 7. ‘By 2025, 70 Percent of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.’ 8. ‘By 2026, 50 Percent of C-level executives will have performance requirements related to risk built into their employment contracts.’
7. 6 tips for effective security job postings (and 6 missteps to avoid)
   With demand for security professionals outstripping supply, employers need to ensure their job postings hit the mark. Here’s how to write a security job posting that attracts qualified candidates: 1. Do: Detail what the position requires. Don’t: Think of your ad as a wish list. 2. Do: Be realistic about how much one person can accomplish. Don’t: Ask for excessive amounts of experience. 3. Do: Indicate traits that would lead to success. Don’t: Ask for excess education, either. 4. Do: Be clear about your culture, mission. Don’t: Downgrade positions. 5. Do: Sell the position and the organization. Don’t: Use buzzwords or vague catchphrases. 6. Do: Be strategic about where you place your posts. Don’t: Outsource the task of writing the job posting.