On November 21, 2023, the group discussed two Peer Challenge Cases on Reporting to the BOD and Filling Open Cybersecurity Jobs during our cohort.
It’s a PeerRoundtables.com exclusive. Submit your challenge and prosper with peer power by having a team help you solve it. We keep you and your company's identity private, unless you decide to reveal it. We discuss two cases per cohort. It’s been said, “This is a cool way to capture new ideas!”
The group discussed a case where a security team is being asked to increase their visibility and reporting to internal stakeholders. Within the next month they are expected to add reporting to the board of directors.
The group discussed the challenges of communicating cybersecurity risks to non-technical stakeholders and the importance of addressing security holistically.
They shared that you should convey the maturity of your security program: not what you're looking to achieve, but where you are right now and the effectiveness of the current controls, processes, and technologies at your organization.
Be certain to clearly define the threat environment and understand the organization's risk tolerance when communicating with the BOD. Keep everything financially focused, because that is the main interest of the board. When they think about cybersecurity risk, they are thinking about the financial implications.
An interesting line of discussion formed around the limitations of insurance policies in covering business losses in the face of cyber-attacks and how this might be an important reporting topic.
The group discussed an organization that is being challenged with filling open cybersecurity jobs. They have tried several things including increased pay and incentives, implementing a referral program, improved training, career paths, and considering a mentorship program.
The group discussed new outsourcing models that are being explored by organizations and how organizations are considering changing candidate requirements.
They also discussed how the technology space is innovating every 18 months and that many education programs are teaching six years back. Because of this lag, now might be a good time to hire trainable individuals who have experience in doing something with cyber, and then mentor and develop them.
Learn as Petri Kuivala walks you through a real-life cyberattack case involving a nation state called Panda, which was related to a larger M&A case between two large companies. See the hacking timeline and a high-level overview of how it happened and mistakes that could have been avoided.
How to be prepared when the “s” hits the fan
How to be the successful CISO at the time of the storm
The most important things to do to prevent a cyberattack in the first place