RISK & CYBERSECURITY

At some point every leader needs to ask themselves: Do I really know what is going on in my company? Do I even know what is really going on in my own organization? Most leaders do not know the actual truth of what is happening. This is not because people are overtly hiding things or that leaders are ineffective, although sometimes it is both of those, but rather this is because of the “thermocline of truth” that I covered in this post. Organizations are full of cultural, stru

We all need to advance our businesses and that is in many respects about selling. We also need to recognize that security and reliability are increasingly the path to sustainable long term customer success - which is your success. This is where the Field CISOs come in. There are many more people that are becoming, so called, Field CISOs and many more organizations that are creating Field CISO teams under a variety of structures and names. Let’s look at what Field CISOs are,

I first wrote the original of this post over 4 years ago. Having seen a new spurt of discussion about organization politics in various on-line and in-person forums I thought it was time for an update. At every stage in your career and in every part of your role you are going to have to deal with organizational politics. People often construe such politics as inherently negative. Yes, there are some organizations that have toxic cultures where organizational politics looks mo

Some time ago I saw a comment about the distinction between acting like a “watchmaker” or a “gardener” when undertaking organization transformations. I misplaced the original reference so, unfortunately, I can’t credit appropriately. But, I’ve been thinking a lot about what this would mean in the context of security leadership. Specifically, should the CISO be a watchmaker or a gardener, or both? The Watchmaker CISO: Precision and Control Imagine a master watchmaker, meticulo