El Diario del CISO (The CISO Journal) Edition 21 | Page 4

Influencers

Aaron Pritz
President AP&A (Cyber Security, Privacy, and Risk Management Boutique Consulting)

CISO of Tomorrow

The explosion in media coverage surrounding cybersecurity and privacy over the last few years has brought awareness of these risks and incidents to an all-time high at board and executive levels. Still, many question whether the commitments made in this moment of heightened awareness are “real enough” or persistent. Many companies still lump the information security organization into IT (which often has high expectations to cut costs and optimize headcount)

The complete article is here

Kristin Burnham
Seasoned writer, reporter, and content strategist

4 essential CISO skills

Facing rampant cybercrime and increasingly complex technology environments, companies are doubling down on security. In many cases, that means elevating the role of the chief information security officer and giving CISOs responsibility for risk management, which has typically been the domain of the CFO.

The complete article is here

T. Grey, CCISO
Technical Leader | Cyber Risk Management | Program Builder | Regulatory Compliance | App Sec | Malware Whisperer | US Expat.

Closing The Gap On IT Security’s Business Engagement Problem – Part 1 – The Issue Defined

While speaking at conferences or working with cyber teams, people sometimes look at me like I have three heads when I suggest that IT Security teams own very few business processes. This is an important concept to grasp in order to successfully mitigate cyber risk. IT security practitioners certainly own some very specific processes and some seem to have been delegated to IT security in a de facto way but the reality is that most business processes that need to be secured or matured are owned elsewhere.

The complete article is here

Helen Patton
An Information Security/Risk Professional, interested in how we operate Cyber while the world swirls around us. What makes an effective Security Pro?

What Do CISOs Want, Anyway?

I spend a fair amount of time with other Chief Information Security Officers (CISOs), discussing Information and Cyber Security, and telling war stories about life in the trenches. As with all professions, there is an external face (what we tell our Boards and Leaders and Customers) and an internal face (what we tell each other). Mostly, these are the same things, just told with different language and perhaps with a different emphasis. Sometimes, they are not the same thing, because we recognize that our non-Security friends aren’t ready to hear what we have to say, or don’t want to hear it, so we don’t waste our breath. I thought I would brain dump a generic list of these things, for your consideration.

The complete article is here