CaaS

@CaaS@infosec.exchange

I am a security advisor working mostly in GRC; I also work as an auditor. My academic background is electronics and my experience is in IT infrastructure. I hold the typical professional certifications that are sought as "lettre de noblesse" in this field. My interest resides in expanding my understanding of technology. My aim is to engage with people in the hope we gain mutually and to achieve a positive outcome about protecting information and preserving privacy. I live in French and work in English. My distant second cousin is https://twitter.com/ll_cissp

This profile is from a federated server and may be incomplete. For a complete list of posts, browse on the original instance.

jerry, (edited) to random
Given my situation, I am thinking a lot about what makes a good CISO. I don’t think I was particularly good, but that’s another story.

I am curious what the community thinks makes a good CISO, at least from one narrow perspective. Do you think CISOs should be:

CaaS,
@jerry « was deeply technical, then become business aware » is different from marginally technical…

jerry, to random
I wonder how many security programs are designed around meeting the expectation of auditors, vs designed to protect the environment which is then inspected by auditors 🤔

CaaS,
@jerry I think your question’s basic assumption is that someone was responsible for reading the security framework the auditor is using, and I know for a fact that assumption is mostly wrong.
