Great video Dr. Cole. Just beginning my cybersecurity career. I have a lot of time to get skin in the game but I am gaining a lot of insight on what I should expect to accomplish this position I want for myself.
Very good video and recommend for those that are in senior management and well as those security practitioners to watch. Love the transfer the risk segment. Will watch the rest.
Thank you for the feedback. Many times organizations make security harder than it needs to be but the risk transfer is an easy way to make sure those that have the authority also have the responsibility.
Hi Eric, what advice would you give me as a recently graduated software developer if I wanted to gain the skills required to be a CISO or other positions adept at handling company-wide security? I feel like there is no one path that I see, people come from penetration testing, network, sys admins, devs, etc. So I'm a bit overwhelmed trying to figure out a "career" path. Thank you!
I do disagree with the phone example. The FBI has extracted data from phones that were lit on fire, and can get a warrant to retrieve data from the service provider. Even though something may be non-functional doesn't mean it is secure or that it contains no risk. What is non functioning to a business might be a treasure trove for someone else.
A security control needs to make it more expensive to the adversary than the worth of the data that would be compromised. If you have a nation state as your adversary, then you need to go to great lengths to make that the case.
An ISO is an information security officer. In some organizations “chief” before a title has a special meaning and often has corporate responsibility and/or liability. Therefore in those cases the person who is responsible for security would be given a title of ISO (information security officer) because CISO (chief information security officer) would be to senior.
@ Vic The Chief Information Security Officer is an executive position within a company whose role is to lead the junior Information Security Officers and talk to the CEO.
You need to ensure your functionality is well defined. Then it can only be used in distinct ways, and cannot be abused..... that doesnt imply it's "zero functionality".... so I kinda disagree here, Mr. "CISO".
Always good stuff @Eric! I’m taking a ton of notes.
Great video Dr. Cole. Just beginning my cybersecurity career. I have a lot of time to get skin in the game but I am gaining a lot of insight on what I should expect to accomplish this position I want for myself.
This was hard core and on point, I really learned a lot with this talk. Thanks Dr. Cole!
Glad this was relevant to you.
Very good video and recommend for those that are in senior management and well as those security practitioners to watch. Love the transfer the risk segment. Will watch the rest.
Thank you for the feedback. Many times organizations make security harder than it needs to be but the risk transfer is an easy way to make sure those that have the authority also have the responsibility.
So glad I found this channel. I want to be a CISO one day.
thank you, I really enjoyed , a time well spent.
You're welcome! Glad you enjoyed it.
That's great. Your sharing is so practical and useful.
Glad it was helpful! Thanks for watching!
This was an awesome video Dr. Cole, I really hope you release at least 10 more of these 30 min videos :-)!!!
That's the plan! thank you for watching.
I agree with what Dr. Cole mentioned. AM
Thank you for watching
Wowwww... great point for my future interviews
if you can achive 100% security there wont be a funtionality
Great video 👍 thanks
Thanks!
Great Video
That's very nice of you to say.
Great introduction Eric, I'm following your work and look to forward to more CISO knowledge. Take care
Hi Eric, what advice would you give me as a recently graduated software developer if I wanted to gain the skills required to be a CISO or other positions adept at handling company-wide security? I feel like there is no one path that I see, people come from penetration testing, network, sys admins, devs, etc. So I'm a bit overwhelmed trying to figure out a "career" path. Thank you!
Thank you so much
You're most welcome! Thanks for watching!
Now this is an INTRO! HAHAHAHAHA Great job! wow.
Thanks for watching!
I do disagree with the phone example. The FBI has extracted data from phones that were lit on fire, and can get a warrant to retrieve data from the service provider. Even though something may be non-functional doesn't mean it is secure or that it contains no risk. What is non functioning to a business might be a treasure trove for someone else.
Thanks for sharing your opinion :)
A security control needs to make it more expensive to the adversary than the worth of the data that would be compromised. If you have a nation state as your adversary, then you need to go to great lengths to make that the case.
Hey sir love from india . And I'm just 12 passed i wanna become a ciso can you share best roadmap
5:10 oh god
lol Buffet definitely invested in Bitcoin , great video tho
either he is playing the upside or the downside cause hes got connections.
The bodyguard humble brag 🤦♂️
That mobile example is just a waste of time.
He looks stressful and pressured! LOL!!! CISO?!?!
The real question is what is an ISO?
An ISO is an information security officer. In some organizations “chief” before a title has a special meaning and often has corporate responsibility and/or liability. Therefore in those cases the person who is responsible for security would be given a title of ISO (information security officer) because CISO (chief information security officer) would be to senior.
Thanks for the reply Dr. E. What about organizations with both a CISO and ISO? Is this somewhat redundant?
@ Vic
The Chief Information Security Officer is an executive position within a company whose role is to lead the junior Information Security Officers and talk to the CEO.
You need to ensure your functionality is well defined. Then it can only be used in distinct ways, and cannot be abused..... that doesnt imply it's "zero functionality".... so I kinda disagree here, Mr. "CISO".