The 10 Tenets of CISO Success Frank Kim Presented at RSA


by Bricata

There are three ways to obtain wisdom.

Imitation – the easiest way;

Reflection – the noblest way; and

Experience, which is often the bitterest way.

That’s how Frank Kim of ThinkSec opened his presentation – 10 Tenets of CISO Success – at the RSA Conference 2018 in San Francisco. Mr. Kim is a former CISO for the SANS Institute and built a security program for the healthcare company Kaiser Permanente.

His presentation was fast-moving and focused on leadership and communication techniques that any modern security leader would find useful. Many of his ideas are actionable, with tips and examples ranging from the slides a CISO needs to brief the board of directors to how to make an effective pitch for the security budget.

Our takeaways on his 10 tenets follow.

1) Catch the culture.

A security leader Mr. Kim once knew began a new role as a CISO who set an ambitious goal of changing the business culture around security. That CISO didn’t last, as the organization “chewed him up and spit him out.”

Instead of trying to change the culture, Mr. Kim suggests CISOs first try to understand it. When you understand the culture, you are in a better position to influence behavior change and choose security strategies that are best aligned with the corporate culture.

2) Relate to risk.

Business has never been more reliant on technology and continues to add new enabling technologies – even as threats like advanced persistent threats (APTs), organized crime, and nation-state attacks grow. The risk gap is widening, as some market researchers forecast the cost of cybercrime will reach more than $1 trillion.

Yet the business needs these enabling technologies to remain competitive. Therefore, the task for security leaders, according to Mr. Kim, is to figure out how to say “yes” to some of these tools, while also understanding them in relation to the modern threat landscape.

3) Create credibility.

Security leaders can create credibility by comparing how their organization stacks up against competitors, or against other industries. That is why benchmarks and standards are so important for illustrating how your organization’s security stacks up. Business leaders recognize that security is important – but what they really want to understand is whether the organization is spending too much or too little relative to peer businesses.

To read the entire blog, please click here.

About Bricata
Bricata is a cybersecurity solutions provider that combines a network threat hunting platform with a comprehensive threat detection and prevention solution to help determine the true scope and severity of threats. Bricata simplifies network threat hunting by surfacing hidden threats through purpose-built hunting workflows that present detailed metadata clearly, easing the transition from known to unknown malicious activity, in conjunction with an advanced threat detection and prevention platform that convicts zero-day malware.
