Have you ever joined a security organization after it lost credibility within the business (for instance, after a major breach)? What did you do to build it back up?

Security & GRCSecurity Strategy & Roadmap
3k viewscircle icon1 Upvotecircle icon3 Comments
Sort by:
Senior Information Security Manager in Software3 years ago

Not directly.

But some years ago I was involved with the ISSA Generally Accepted Information Security Principles (GAISP)  project.
Since it was 100% volunteer-based and had no real leadership, it just sort of petered out.

Lightbulb on1
CIO in Government3 years ago

I myself have not been involved with an organization that has had a major security problem. Helped an organization with a security (ransomware) problem. Most important was solving first. Provide the right information to the public and, after recovery, communicate openly and transparently about the attack, the steps taken and the approach to recovery. Of course within the standards of security and privacy. This restored confidence in the organization and normal services were quickly restored.

Lightbulb on1
Senior Director Engineering in Travel and Hospitality3 years ago

Not a security organization, but in the past I have joined a place which had lost its reputation due to other reasons. Its almost like building it back from scratch, like any startup would. Take small steps in building trust, and ensure you pay high level attention to customer retention. If you are truthful and open, people will gain back trust.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

What's your experience with SAP ERP on Prem security testing? What kind of engagement did you choose for your SAP landscape—was it a deep-dive technical System Audit, a full-scope Red Team scenario, or something in between? What was the 'why' behind your decision, and what were your key takeaways?

Have you tested any AI-enabled cybersecurity solutions that promised significant improvements but failed to deliver measurable outcomes? What were the key lessons you learned from that experience?

Read More Comments

Which of these areas are you targeting for funding increases in your 2026 cybersecurity budget? (Choose all applicable)

Threat detection & response 45%

Identity & access management 58%

Cloud security 47%

Security awareness training 25%

Other 4%

N/A

View Results

If two RFP bids are neck-to-neck on core requirements, which factor becomes the ultimate tie-breaker?

Proven outcomes – Documented success stories and measurable KPIs32%

Implementation confidence – Detailed plan, risk mitigation, and resource readiness41%

Total cost – Clear TCO, price protections, and exit terms40%

Innovation & future readiness – Ability to scale, adapt, and support emerging needs15%

Vendor relationship strength – Cultural fit, governance model, and executive commitment16%

View Results