Questions and Key Takeaways
- As a CISO, is it good to work for one company, or move frequently between companies? Consider depth vs breadth and evaluate having expert knowledge vs competitive compensation.
- When a CISO is starting out, what should they focus on during their first year with a company? Pick something and focus on it until it's better than it was, then move to the next.
- Are there useful risk metrics for leadership teams? The 5 C-Model (Complexity, Consequence, Conflict, Communication, Controls).
- What tools are helpful to demonstrate alignment between business and infosec?
- How do you balance between management skills and hands-on tech skills? There's always one that will be stronger for each person.
- What advice could you give someone wanting to create a cybersecurity startup? The "Why" should always come first.
- What are the pros/cons of a cybersecurity maturity model approach to communicating and managing cybersecurity risk?
- How to approach difficult problems from a security executive's point of view.
- Is specialization an asset? Dive into specialization vs generalization and determine what is most valuable to you.
- Should breach notifications be mandated at the state or federal level, or both?