So You Want to be the CSO by Daniel Blander
Transcript of So You Want to be the CSO by Daniel Blander
Page 1
Daniel J Blander
Page 2
Introduction
Defining Successful CSOs
Our Mistakes
Making the Change
Summary - Q&A
Page 3
Daniel Blander
• 24+ years in IT and InfoSec
• Application, System, Network, Consultant (and CSO)
• A couple FFLAs
• Organizer of:
• Started as an Architect (buildings)
• Researching & Writing a book “So You Want to Be the CSO…”
Page 4
“…if you ever touch the keyboard again, you’re fired.”
Page 5
“Strive not to be a success, but rather to be of value.”
- Albert Einstein
Page 6
Executive support
Support across organization
Balance risk and business
Effective communicator / “influencer”
Included, listened to in strategic meetings
Enables collaborative problem solving
Page 7
“No one ever taught us to be influential instead of authoritarian.”
- Eric Cowperthwaite
Page 8
Professional deference
“We need to force the users to do it!”
“If I were in that meeting I would have told them what their problem is!”
“It’s not my job…it is their responsibility to fix it!”
“The CSO must report to the CEO!”
Page 9
Trust
Respect
Communication
Collaboration
== Job Search
Page 10
“Security is about eliminating risk. Business is about taking risk to make money. See how those are a perfect match?”
- @shitmycsosays
Page 11
Small Company – PCI
Me: You have to fix everything.
Owner: But I don’t see why…that’s a lot of money.
Me: But you have to do it…
Owner: Why? What if I don’t? I take risks all the time.
“I don’t need to go to Vegas to gamble. I gamble with my business every day!”
Page 12
“We have to accept that it’s not our risk tolerance that matters … It’s the person accountable for the risk at the end of the day. And until you overcome that you’re almost a barrier to what you’re trying to achieve.”
- Chris Hayes
Page 13
Mistake: Pre-conceived CSO
Success: Enterprise Risk Management
• ERM = Business Risks (macro-risk)
• ERM <-> InfoSec as BCP <-> DR
• Collaborative definition of Risks across the organization
• Business groups own their business risk
• ERM defines role of Information Security – may not be CSO
Page 14
Chief Risk Officer
• Engineering & Operations distributed to individual owners
• CRO is evangelist, consultant, policy
• Executes as part of ERM group
IT Security, CSO, ISO
• Owns engineering and Operations
• Executes as part of IT organization
Page 15
“We are born with two ears and one mouth so we may listen more and talk the less.”
- Epictetus (Stoic philosopher)
Page 16
Bad Communication:
“They should know what to do”
Good Communication:
• Speak at your audience’s level
• The medium is the message.
• Align What you Do with What you Say.
Page 17
Expose Inferences & make your ideas explicit
Allow your ideas to be challenged
Test competing views and their impact
Do so in a “blameless” environment
(Ladder of Inference – Chris Argyris, Donald Schön)
Page 18
“To lead people, walk beside them.”
- Lao-Tzu
Page 19
Understand People’s Motivations & Priorities
Step Up and Reach Out
Make Their Problems Yours
Help Outside the Box
Result: Rabid Fans! Emotional Capital.
Page 20
“You may barely be real to the people above you in an organization if you don’t find a way to improve their lives.”
- David F. D’Alessandro
Page 21
Solving problems is always an act of design
• 2 Million solutions, 1 million right ways to do it
Work towards a goal other than your own
• Think of the Organization’s goals and give back
Collaborate on Solutions
• Include the team and let your ideas be challenged
Learn to let go of old ideas
• A good leader knows learning is a sign of strength.
Page 22
You lead from a role, not a title
Create cross-company support
Influence inclusion & participation
Risk managed at organizational level
Not trying to be “100% Secure”
Be willing to let go
Page 23
Find Your Role
Be the Communicator
Build Your Emotional Capital
Collaborate & Problem Solve