#86 - The CISO MindMap (with Rafeeq Rehman)

This episode features Rafeeq Rehman.  He discusses the need for a CISO Mindmap and 6 Focus Areas for 2022-2023: 1.  Re-evaluate ransomware defenses, detection and response capabilities, perform a business impact analysis and identify critical processes, applications and data. 2.  Reduce/consolidate security tools/technologies and vendors. More tools don’t necessarily reduce risk but do add the need for maintaining expertise on security teams. 3.  To serve your business better, train staff on business acumen, value creation, influencing and human experience. 4.  Take an inventory of open source software (standalone and libraries) and make it part of your vulnerability management program. 5.  Build team expertise in technology fields including machine learning (ML) models, model training, API security, service mesh, containers, DevSecOps. 6.  Maintain a centralized risk register. Even better: integrate into your enterprise risk management program. Track risk for technology, insiders, processes, third parties, compliance and skill gaps. Links: CISO MindMap Link CISO MindMap 2022 Recommendations Link Information Security Leaders Handbook Link Cybersecurity Arm Wrestling Link

Om Podcasten

Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a CISO. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.