CISO ExecNet

Happy Thanksgiving to our wonderful community!

Powerful discussion amongst our CISO ExecNet Atlanta members on their challeneges and methods to lower the risk posed by the Cloud, SaaS, and AI. Thanks to our legal update from Alex Koskey, CIPP/US, CIPP/E, PCIP at Baker Donelson. Also thanks to the industry update from Danielle Russell of Nudge Security What solutions are you finding to reduce your risks in this area?

I was very fortunate to interview Lane Bess in my CISO ExecNet CEO/Founder series. Lane is among the most successful cybersecurity solution leaders in the industry and I am confident you will find his responses to my questions very valuable. Let me know your thoughts.

In this conversation between Aleksandr Yampolskiy and Bill Sieglein from CISO ExecNet, they discuss everything from #trends in the third-party risk space to #entrepreneurship in #cybersecurity. ?? You can watch the complete conversation here: https://lnkd.in/gYJgtefv

Excellent interview!

Is the Zero Trust luster wearing off? Or are we 'all in' and it's just the baseline today? Will SASE and Zero Trust framdeworks be the best way to control a perimeter-less environment going forward? These are the questions we will discuss in our first CISO ExecNet series of member roundtables in 2025. Who will emerge as the leaders in this new perimeter-less world? Palo Alto Networks Check Point Software Cato Networks Zscaler Okta Beyond Identity CyberArk Forescout Technologies Inc.. Who am I missing? If you are one of the many cybersecurity solution providers who thinks they have the path forward for #zerotrust and #sase and all the other solutions that will impact the perimeter-less environments, give us a call. Perhaps you are the right vendors to participate in these roundtables and educate our US CISO members. Reach out to [email protected] to learn more.

Danielle Russell Nudge Security sharing with our CISO ExecNet Dallas members that over 90% of SaaS usage is instigated outside of IT. A sobering message. Thanks Nudge Security

Tamir Samman of Doppel sharing his insights about AI borne social engineered attacks and how to defend against this vector. Our CISO ExecNet Dallas members learning from each other and Doppel

What does the growth of AI mean for cybersecurity? “CISOs have to reconcile the investments they've made, the technology they have, and then figure out how AI is going to act to their benefit,” said Lane Bess, CEO of Deep Instinct, a company applying deep learning to cybersecurity. Lane is a force in the industry, having served in top roles at Palo Alto Networks, Zscaler, and investing in and advising numerous startups. He has been at the forefront of many waves of innovation, from firewalls to the cloud, and his work today in data security and AI. Along with AI, we talked about what it takes to cut through the noise in cybersecurity. Hint: Great technology isn’t enough! Lots of valuable lessons here for CISOs and startup founders alike! Watch the full conversation at the link in the comments. #cybersecurity #AI #startups

CISOs - BE LESS DISPOSABLE! Over the past year or so I've seen a shift in what our members are taking on in their roles. While CISOs are already overwhelmed and under-resourced, I think these broader roles are even more important than ever. I think this shift is partly because the traditional CISO role seems to be under attack. I've seen members lose their jobs when the CISO role is eliminated, not to be replaced. This is happening largely in un-regulated industries, often as companies downsize their staffs in an effort to cut cost. While I think this is a risky move on behalf of the companies doing it, I can't fault them for trying to lower their overall costs. Nonetheless I think those companies will come to regret the elimination of the CISO role, in time. The advice I've been giving to members to combat this trend is to "go broader" in their roles. I've suggested they take on parts of IT such as infrastructure, desktop, help desk, and more. I've also recently started suggesting they include "resiliency" in their role. If we took nothing more away from the CrowdStrike issue, we should have learned that outages cost money. What is ultimately included in this resiliency role remains to be seen. I think it will include BC/DR and more to include resilient architecture and design. I've made these suggestions to members because I think it makes them "less disposable". What do you think? Are we wise to spread our wings and make the CISO role broader and less disposable? This is so important to us that we are devoting a series of Regional Roundtables to it throughout the first half of next year. If you are a cybersecurity product or services provider with solutions around cyber-resiliency, please consider participating in those regional roundtables in our sponsorship program. Our members want to better understand how we incorporate this important new areas into their roles. Contact me [email protected] to inquire about being a sponsor for this 2025 series.