Five Ways to Be a More Effective CISO in 2017

The security officer’s role is mentioned alongside other technology roles such as head of IoT strategy, chief data officer and chief digital officer.

The new year is here, and with it comes another fresh wave of attacks, continued strain on resources and the hubbub of everyone returning to the office after a long, much-needed break. The chief information security officer’s (CISO’s) time is as stretched as it has ever been and, most likely, so is his or her attention span. Here’s a short list of priorities for CISOs to keep running in the background. Continue reading at

The Priority of the Government/Industry Cybersecurity Partnership

Information sharing to risk management will help allow both government and industry to keep abreast of the latest viruses, malware, phishing threats, ransomware, insider threats, and especially denial of service attacks. Information sharing also establishes working protocols for lessons-learned and resilience that is critical for the success of commerce and the enforcement against cyber-crimes.

The change in the cyber risk environment coinciding with a heightened need for procurement of new technologies and services has created a new paradigm for a cybersecurity partnership between government and industry. The prioritization of that special partnership appears to be in the immediate plans for the new Trump Administration. Continue reading “The Priority of the Government/Industry Cybersecurity Partnership”

Charisma Killed the Cat: Fostering an Effective Cybersecurity Leadership Style

Competing in the global marketplace in 2017 doesn’t come easy. Today’s organizations must deal with global competition and innovation, workforce gaps, a pace of disruption that shows no signs of slowing down and the ever-increasing frequency and maturity of cyberattacks. These factors translate into a lot of stress and very little time to determine the best cybersecurity leadership style to keep the organization safe from the barrage of cyberattacks. Continue reading at

Using Cognitive Security to Fight the Cybersecurity Borg

We are the Borg. You will be assimilated. Resistance is futile.

Organizations today find themselves in a situation not unlike that of the Enterprise crew in “Star Trek.” They are facing a formidable, technologically advanced enemy capable of taking over key components of the organization. In one episode of “Star Trek,” in fact, the Borg collective takes control of Captain Jean-Luc Picard himself, to the horror of his crew. Continue reading at

The cybersecurity priority for DHS in 2017

Because of the exponential growth of the Internet of Things, mobile devices, big data and digital commerce, cybersecurity has grown immensely as a key priority while DHS has assumed more of a formal government role in the civilian cyber arena. Cyberthreat actors include hackers, terrorists, criminals and nation-states.

As one of his first national security appointments, President-elect Donald Trump has selected retired Marine Gen. John F. Kelly to lead the Department of Homeland Security. Kelly is widely recognized for his expertise in counterterrorism, his dedication, composure and intellect. He is especially known for his excellent leadership skills honed by more than 40 years of military service, including as the commander of U.S. Southern Command. Continue reading “The cybersecurity priority for DHS in 2017”

A Human’s Role in an AI-Dominated Cybersecurity World

To think that “more technology” will make us “more secure” – especially if we start to sacrifice basic Internet survival skills…like being able to identify a spearphishing attack…because that had no influence on aaanything in 2016, did it? – we run the risk on having a long-term problem that we may not be able to untangle ourselves from so easily…or ever.

Hello again! It’s been a while, but with the flurry of stories surrounding the Presidential election, I made a conscious decision to stay away from writing.  As of this past weekend, many of you have heard of further claims of foreign interference in the election.  And, as the title of this post suggests, I will not be talking about that!

Fake news, foreign interference, protection of information, conflicting reports, ascertaining intent, spearphishing attacks, typos, and so on will be talked about in one of my later posts, probably early 2017. Despite the hype, I’m actually trying to let the dust settle a bit, in order to present a clearer picture (I hope). Continue reading “A Human’s Role in an AI-Dominated Cybersecurity World”

Recent Attacks Demonstrate The Urgent Need For C-Suite Cybersecurity Expertise

Plans that are most successful often involve the leadership at the top of companies and organizations, commonly referred to as the C-Suite. To carry out plans that rectify potential cybersecurity damages waiting to happen, it is paramount that the C-suite bring cybersecurity expertise to their Boards of Directors and Advisory Boards.

Escalating cyber-attacks on corporations, infrastructure, and organizations have created an environment of uncertainty and, in some cases, panic over the implications of data breaches. Despite the trends of greater frequency, sophistication, efficacy and liabilities associated with incursions, the industry has been mostly unprepared and slow to act.

Tools for hackers have become more readily available, and cyber-criminal gangs are becoming more pervasive and skillful. At the same time, nation-state actors and terrorists are also a becoming a more powerful part of the cyber-threat landscape. The bottom line is that in the wake of these developments, the mindset behind corporate cybersecurity needs to change from passivity to preparedness. Continue reading “Recent Attacks Demonstrate The Urgent Need For C-Suite Cybersecurity Expertise”

Will Vulnerable U.S. Electric Grid Get a New Protection Mandate?

Threats to the grid are multiple and varied. The risk landscape includes cybersecurity attacks, physical assaults on utilities or power plants themselves, and Electronic Magnetic Pulse (EMP) disturbances generated from a geomagnetic solar flare or from a nation-state or terrorist short range missile.

In the new Trump administration, protecting the electric grid will likely be a topic that garners serious attention, owing to President-elect Trump’s stated intentions to invest in upgrading and modernizing America’s energy infrastructure, which dovetails into another of his priorities: a strong focus on national security issues.

The grid itself is critical infrastructure comprising a network of more than 7,650 power plants, which are integrated via 450,000 miles of high-voltage transmission lines. Estimates are that the grid includes 70,000 transformer power substations and thousands of power generating units. The grid is mostly dependent on legacy technologies: 70 percent of transmission lines are at least 25 years old and approaching the end of their lifecycle, and 60 percent of the circuit breakers are more than 30 years old, compared to useful lives of 20 years. The aging infrastructure and increasing demand for power have made the grid susceptible to “cascading failures,” where the failure of one component leads to a series of failures. Continue reading “Will Vulnerable U.S. Electric Grid Get a New Protection Mandate?”

Pivoting Toward Cognitive Security: Benefits and Challenges

Are you ready for cognitive security?

The world we live in today presents enormous challenges and opportunities. Even though organizations have improved their security posture, attackers are still making quick work of getting in and stealing stuff.

Security leaders point to the incremental improvements they have made to increase their incident response capabilities and response times. But while defenders are making progress, albeit slow progress, attackers are keeping ahead, both in terms of attack frequency and their ability to evolve their approaches to thwart defenses and responders. Continue reading at

Cognitive Security Key to Addressing Intelligence and Accuracy Gaps

“Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.” — Joseph Blankenship, Senior Analyst at Forrester Research

According to a recent report by IBM’s Institute for Business Value (IBV) titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System,” security leaders hope to employ cognitive solutions to address a speed gap, an intelligence gap and an accuracy gap when it comes to their ability to detect, analyze, respond to and recover from security incidents. Continue reading at