Erick Rudiak. CISO. Human.

The "C" Matters or: How I Learned to Stop Worrying and Love the CISO Job

Kofman, Conscious Business, soccer team, sports analogies, budget, goals, culture, CIO, ciso

The job description of the Chief Information Security Officer (CISO) - with emphasis on "Chief" - and where it can effectively report may surprise you.

The second biggest trap in information risk management.

threat model, pyramid, LOA, level of assurance, trim tab, Maslow

A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.

I was wrong (or: five things I learned from Hubbard in 2016)

HTMA, Jaquith, Kaplan, Hubbard

Unlike earthquakes and lightning strikes, for which unimpeachable data exists, information security trends suffer from underreporting, environmental factors and subjectivity that call into question any sort

All* threats are insider threats

threat model, kill chain, insider threat, lockheed martin

In the 1990s and early 2000s, the prevailing school of thought in information security was that there were two kinds of threats: insider and outsider. The

A paean to the red team

red team, sports analogies, telestrator, kill chain, graphs, penetration test, threat model

...or "Erick rethinks his position on sports analogies" In "Defenders think in lists, attackers think in graphs, as long as this is true,