As risk practitioners, CISOs make risk-versus-reward decisions on a daily, and sometimes hour-by-hour, basis. As a profession we must understand our organization's risk tolerance and appetite as well as our own. Regulations are lagging indicators. SOX was established as a direct response to unethical behavior.
Unfortunately, regulations in cybersecurity and data privacy are also "lagging indicators": organizations "left to their own devices" have failed to allocate sufficient, reasonable, cost-effective resources to mitigate significant risk in prudent ways that would place the organization in a position to demonstrate both due diligence and due care in a worst-case scenario.
CISOs must:
1. Understand your organization's risk tolerance and appetite.
2. Know your own risk tolerance and appetite, as well as your personal code of conduct and ethics.
3. Build and maintain your "rainy day", emergency or, as my more colorful colleagues refer to them, FU funds.
4. Find your calm, peace and happiness. These days, mine is yoga and meditation. What is yours?
5. To avoid stressful days and sleepless nights, maintain your integrity and sense of humor!
Former CISO, Akron Children's Hospital
Former CISO, Westfield Insurance
With more than 20 years of information security experience, Troy Stairwalt's expertise includes cybersecurity strategy, program management, information security analysis, engineering, IT risk assessment, data privacy, cybersecurity architecture and cyber forensic investigations. Looking for ways to empower others and give back by sharing his knowledge, Troy spent several years volunteering with a group of internationally recognized experts to write, review and revise questions, answers and plausible distractors for both the Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certification exams, to help the next generation of experts remain current with industry best practices. As these exams are administered internationally, the questions and answers had to remain independent of any particular technology, culture or regulatory regime. In addition, Troy was asked to provide mentorship for the SANS 504 course, Hacking Techniques, Exploits and Incident Handling. Troy currently teaches cybersecurity and information systems auditing at the University of Akron.
Graduating summa cum laude, Troy earned his Master of Business Administration (MBA) from Ashland University.
Troy’s professional credentials include:
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Insider Threat Program Manager (ITPM)
• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP)
• GIAC Certified Incident Handler (GCIH)
• Certified Data Privacy Solutions Engineer (CDPSE)