What led you to get involved in multiple CISO communities?

965 views2 Comments

Sort by:

Director of IT in Software3 years ago

My main reason is the chance to learn from peers and industry leaders and share my experience and knowledge.

SVP, Chief Information Security Officer in Education3 years ago

I like sharing whatever I can to add value. But to me, it's a bidirectional activity. No matter how many years you've been in this industry, there's always something to learn. There's always a different perspective to absorb and I find that bidirectional exchange to be critical, even in terms of my day-to-day operations.

One of the coolest things that drives me to get involved in different organizations is the sector specializations that appeal to specific populations. For instance, in New York, you find a more financial sector type of perspective. Down here in North Carolina, there's more of a healthcare perspective. On the west coast of the US, you're probably going to find more of an entrepreneurial perspective. Each one of those presents an awesome dynamic to bring together and learn from.

Content you might like

Seeking input: Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models.
Scope includes Environment Setup:
Cloud provisioning, configuration, testing.
Connectors/Parsers: Custom data source integration.
Content Development: Rules, use cases, threat feeds.
Performance Tuning: Query/index optimization.
Runbooks: Operational procedures.

Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation.
Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

Our organization is subject to data retention requirements over very long periods (50 years or more). Do your organizations face similar constraints? If so, what long-term retention strategy have you implemented for these regulated data, and what technologies or solutions do you use to ensure their durability and compliance?

When was the last time your company had a Cyber Health and Wellness assessment which involves compliance?

12 months ago18%

6 months ago58%

3 months ago17%

1 month ago5%

View Results

Do you have a cyber security incident response plan in place?

Yes80%

No17%

I do not know2%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

What led you to get involved in multiple CISO communities?

Sort by:

Content you might like

When was the last time your company had a Cyber Health and Wellness assessment which involves compliance?

Do you have a cyber security incident response plan in place?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go