CISO Survival Guide: How to thrive in the C-Suite & Boardroom
TRANSCRIPT
Chris Wysopal
Co-founder, CTO & CISO
Veracode
October 20, 2015
CISO Survival Guide: How to thrive in the C-Suite & Boardroom
Chris Wysopal, CTO, CISO & Co-Founder
Agenda
• Boards are concerned with Cybersecurity
• NYSE Survey Results
• Communicating today’s risks to the board
• Communicating security posture to the board
Why are boards concerned about security?
Cybersecurity in the boardroom survey
• Board Members: 200
• Industries: 6
• Multiple Boards: 69%
NYSE Survey Results
80% of respondents discuss cybersecurity at most or all boardroom meetings
The Ideal CISO Builds Upon Technical Skills
More than 70% indicated they have significant concerns about risk from third-party software
A CISO's Perspective on Talking to the Board About Cybersecurity
The CISO’s role is changing
• No longer a back office technology expert
• Business leader that is strategic
• Needs to communicate across company leadership: IT, Legal, Risk, LOB, PR
• More visible role
What is the Board’s Role?
The Board is not the executive.
They don’t make decisions.
• Represent shareholder interest
• Appoint executive management
• Support exec in strategy development and implementation
• Test quality of exec’s implementation
• Place company direction and performance in context
NACD Guidance on Cybersecurity
• Enterprise-wide risk management issue
• Legal implications
• Needs regular and adequate time on the agenda
• Need specific plans associated with each risk
approach
Meeting Board Expectations
• No longer just an audit function
• Discussion on risk and risk posture
• They want to know what are the odds our company will experience a damaging security breach and what are we doing to prevent that
• Answering at the right level can gain confidence in your security agenda
• Breach readiness and breach response are hot discussion topics
Communicating with the Board
Build Trust
• You will only get 5-15 minutes devoted to the cybersecurity topic
• Prepare an appendix for anything beyond a few key indicators
• Do not use acronyms - think “denial of service” not DDoS
• Use visuals not text
• Use numbers, especially dollars if possible such as losses from public data breaches
• Use analogies
Communicating with the Board
• Ask the question, “What do you want to get out of your information security program?”
• Concepts to get across:
- There is no such thing as a breach-free organization
- Cyber security is a company-wide responsibility: IT, Legal, Risk, LOB, PR must become involved
- Cyber security needs to be thought of as a long-term strategy of survival of the brand
Communicating Today’s Risks
• Breaches in similar industries
• Key trends in successful attacks
• Who is out to attack OUR company
Communicate Risk Posture
• Describe top 5 cyber risks the company faces and the risk indicators that signal the company’s level of exposure to them
• Identify if risk indicators are trending up, down or remaining flat
• Explain how the company is managing security risks and keeping them within acceptable limits
• How do we compare to peers?
• Use industry benchmarks if available