Showing Blog Posts: 11–20 of 57 tagged CISO

  • SOC: To outsource or not to outsource?

    by RSAC Contributor on June 17, 2015

    This post comes from Greg Boison, director of homeland and cybersecurity at Lockheed Martin, who was part of the Transforming SOCs roundtable discussion at the recent Gartner Security & Risk Management Summit. The following is his summary of the discussion. While walking the floor and listening to the sessions at the Gartner Risk and Security Summit, a key issue crystallized for me around Security…

  • Growing Up: A Roadmap to Vulnerability Management Maturity

    by Eric Cowperthwaite on June 8, 2015

    At this year’s RSA Conference, there was strong focus on identifying where your company’s security posture is in terms of maturity. As Brian Krebs touched on in a recent post, there are many different maturity models outlining what your company is doing, and what it should be doing. Of course each company is different, and the path to reducing risk is never a straight line. It is, however, …

  • Security By Any Other Name

    by Wendy Nather on May 21, 2015

    If you went up to a pharmacist and said, “Hi, I need something to cure a case of the APTs,” what do you think she would recommend? A big issue with the security industry has to deal with the way we market and describe security technology. It used to be that products were described by functionality, with point features that were well understood: firewall, anti-virus, anti-spam, web filter, log…

  • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security

    by Ben Rothke on May 16, 2015

    Full disclosure: this book is sponsored by the Cloud Security Alliance of which I am a founding member. I am also friends with 2 of the authors. Even though cloud computing is mainstream such that even the Federal Government is on board; it’s not necessarily so that it will always make computing cheaper and faster. And all the more so when it comes to security and privacy. The challenge is how to…

  • Next Stop for the CISO: The Office of the CIRO?

    by Tony Kontzer on May 4, 2015

    As if CISOs didn't have enough to worry about already, now we are hearing they should be seriously considering acquiring the skills they need to become the chief information risk officer. Few organizations today have a CIRO, but if the scuttlebutt at the recently concluded RSA Conference is to be believed, they will soon, and CISOs are the logical choices to fill that role. It's reasonable to…

  • Give Boards Metrics They Can Actually Understand

    by Tony Kontzer on April 22, 2015

    Troy Braban was only half-joking with this slide he shared at the RSA Conference in San Francisco: "83.45% of metric presentations at 96.82% of security conferences suck." Fortunately for the the more than 500 attendees who packed his session to hear about security metrics boards actually care about, Braban, the CISO of Australia Post, wasn't talking about himself. The problem most CISOs have in…

  • How to Go From Techie to CISO

    by Tony Kontzer on April 21, 2015

    It hit me like a load of bricks Monday at the RSA Conference in San Francisco: CISOs are following in the footsteps of their CIO brethren. CIOs translated technology's rise in strategic importance to raise their profile within the enterprise. Similarly, CISOs are now taking advantage of the increased scrutiny on the organization's security to raise their profile in the business and gain entry…

  • Breaking the Glass Firewall: Women in IT Security Panel

    by Tony Kontzer on April 20, 2015

    Despite notable progress in the acceptance and treatment of female IT security employees, the industry continues to struggle in establishing itself as a career track for women. During a panel discussion at the RSA Conference Monday, a few of the world's best-known female security executives made it clear that the challenges of yesteryear are dropping away, but that the industry still must do a…

  • RSA Conference Preview: Meet Your Guide

    by Tony Kontzer on April 20, 2015

    Hello, RSA Conference attendees. We probably haven't met before; my name is Tony, and I'll be one of your guides throughout this week. I am one of the contributors to the RSAC editorial team, and this year, we are going to take a different approach on how we cover the conference on the blog. This is a change for me, as in the past, I attended as a member of the technology media. As a journalist, …

  • Pick Out Your Peer-2-Peer Sessions for RSA Conference

    by Fahmida Y. Rashid on April 17, 2015

    If you are interested in sitting in a room digging into a specific security topic with other people, the Peer-2-Peer sessions are for you. The goal is to get peers—people in other organizations with similar job functions and roles—in one place so that everyone can share what they are doing and have learned. Wondering which conversation will be the most relevant to your job role and concerns? We…

This document was retrieved from on Sun, 29 Nov 2015 03:43:17 -0500.
© 2015 EMC Corporation. All rights reserved.