So You Want to be the CSO by Daniel Blander
Published in: Business, Economy & Finance


  • 1. Daniel J Blander
  • 2. Introduction; Defining Successful CSOs; Our Mistakes; Making the Change; Summary - Q&A
  • 3. Daniel Blander • 24+ years in IT and InfoSec • Application, System, Network, Consultant (and CSO) • A couple FFLAs • Organizer of: • Started as an Architect (buildings) • Researching & Writing a book “So You Want to Be the CSO…”
  • 4. “…if you ever touch the keyboard again, you’re fired.”
  • 5. “Strive not to be a success, but rather to be of value.” - Albert Einstein
  • 6. Executive support; Support across organization; Balance risk and business; Effective communicator / “influencer”; Included, listened to in strategic meetings; Enables collaborative problem solving
  • 7. “No one ever taught us to be influential instead of authoritarian.” - Eric Cowperthwaite
  • 8. Professional deference; “We need to force the users to do it!”; “If I were in that meeting I would have told them what their problem is!”; “It’s not my job…it is their responsibility to fix it!”; “The CSO must report to the CEO!”
  • 9. Trust; Respect; Communication; Collaboration == Job Search
  • 10. “Security is about eliminating risk. Business is about taking risk to make money. See how those are a perfect match?” - @shitmycsosays
  • 11. Small Company – PCI; Me: You have to fix everything. Owner: But I don’t see why…that’s a lot of money. Me: But you have to do it… Owner: Why? What if I don’t? I take risks all the time. “I don’t need to go to Vegas to gamble. I gamble with my business every day!”
  • 12. “We have to accept that it’s not our risk tolerance that matters … It’s the person accountable for the risk at the end of the day. And until you overcome that you’re almost a barrier to what you’re trying to achieve.” - Chris Hayes
  • 13. Mistake: Pre-conceived CSO; Success: Enterprise Risk Management • ERM = Business Risks (macro-risk) • ERM <-> InfoSec as BCP <-> DR • Collaborative definition of Risks across the organization • Business groups own their business risk • ERM defines role of Information Security – may not be CSO
  • 14. Chief Risk Officer • Engineering & Operations distributed to individual owners • CRO is evangelist, consultant, policy • Executes as part of ERM group; IT Security, CSO, ISO • Owns engineering and Operations • Executes as part of IT organization
  • 15. “We are born with two ears and one mouth so we may listen more and talk the less.” - Epictetus (Stoic philosopher)
  • 16. Bad Communication: “They should know what to do”; Good Communication: • Speak at your audience’s level • The medium is the message. • Align What you Do with What you Say.
  • 17. Expose Inferences & make your ideas explicit; Allow your ideas to be challenged; Test competing views and their impact; Do so in a “blameless” environment (Ladder of Inference – Chris Argyris, Donald Schön)
  • 18. “To lead people, walk beside them.” - Lao-Tzu
  • 19. Understand People’s Motivations & Priorities; Step Up and Reach Out; Make Their Problems Yours; Help Outside the Box; Result: Rabid Fans! Emotional Capital.
  • 20. “You may barely be real to the people above you in an organization if you don’t find a way to improve their lives.” - David F. D’Alessandro
  • 21. Solving problems is always an act of design • 2 Million solutions, 1 million right ways to do it; Work towards a goal other than your own • Think of the Organization’s goals and give back; Collaborate on Solutions • Include the team and let your ideas be challenged; Learn to let go of old ideas • A good leader knows learning is a sign of strength.
  • 22. You lead from a role, not a title; Create cross-company support; Influence inclusion & participation; Risk managed at organizational level; Not trying to be “100% Secure”; Be willing to let go
  • 23. Find Your Role; Be the Communicator; Build Your Emotional Capital; Collaborate & Problem Solve