Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
There are obvious differences between government policy and organizational policy, but when it comes to crafting information security policies, there are several elements that apply to both sides. Here are some of them.
In this Straight Talk with Real CISOs video for Decipher, Wendy Nather (director of Advisory CISOs at Duo), Chad Loder (CEO and co-founder of Habitu8), and Manju Mude ("Paranoid" Security Leader at Oath) discuss how CISOs have to establish relationships within their organization to be able to
In this Straight Talk with Real CISOs video for Decipher, Wendy Nather (director of Advisory CISOs at Duo), Chad Loder (CEO and co-founder of Habitu8), and Manju Mude ("Paranoid" Security Leader at Oath) swap stories about their CISO days and the importance of empathy in security.
Armchair risk analysis frequently defaults to "patch all the things," but the data shows that trying to chase after every vulnerability isn't always the best strategy for a CISO. How should CISOs look at Kenna Security and Cyentia Institute's research on what kind of patching model works best?
Technology promised to make things better, but we are getting far less than what we were promised. Add security into the mix, and things have gone terribly wrong in the usability department. We need to look at security as a process and consider the impact of all the steps, rather than focusing solely on individual steps.