A CISO thinks strategically, not tactically. What does this mean in practical terms? A CISO’s job is not to fix every single potential problem (which would be impossible anyway), but to solve the problem of how to enable functionality and maintain security. To that end, a CISO needs to allocate his time, money, and resources to focus on threats rather than try to patch every vulnerability. Thinking strategically means understanding what critical data and business processes are, where they are physically located, and how to protect them from external and internal threats. In most cases, the internal threat is a well-meaning employee who has been tricked into revealing data or clicking on malware. I call this person “The accidental insider.” In order to think like a CISO, you need to start with the critical information, and then defend it against the most likely threats in the most cost-effective way. If you can do that, you will be a successful CISO.
0:08 Welcome
1:03 Always ask “what is the problem you’re trying to solve?”
4:28 Also ask “are we using everything we have” to solve our problems?
5:25 Let the need drive the decision, not the coolness factor
5:48 The Dr. Cole Magic 3
6:53 1: What is the risk?
7:12 2: Is this the highest priority problem?
8:12 3: Is this solution the most cost effective way to solve the problem?
9:02 Always come up with 5 options
11:03 Magic 3 review
12:45 What is the mindset a CISO should have?
14:12 Threats and vulnerabilities
16:25 A vulnerability only exists if there’s a threat
18:12 The threats drive the risk calculation
20:38 What is the physical location of the data?
21:25 What are the critical threats?
21:45 Once you understand that, what are the threats to that business process?
22:42 The 2 categories of threats: external and internal
23:40 The accidental insider
27:44 Review: start with critical information, defend against threats
28:14 Step 3: What vulnerabilities exist that allow these threats to cause harm?
29:21 The mistake we make is skipping to step 3
30:21 Don’t trust the scanner without understanding the threat matrix
31:00 How to think like a CISO
31:57 Wrap up
About Dr Eric Cole
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.
https://www.secure-anchor.com/
#LifeOfaCISO #CISO