Posts tagged CISOs

6 min ICER

Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500

We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.

8 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500

Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.

4 min CISOs

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform.

4 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500

There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here.

5 min Career Development

CISO Guidance on Building the Team: Part II

Haven't read part one [/2015/11/19/ciso-guidance-on-building-the-team] of this blog? TL;DR:
* The security talent gap is real.
* Creating and promoting strong company culture attracts and retains top performers.
* Security professionals should always be actively recruiting – both internally and externally.
With that gross oversimplification under our belts, let's start into the next set of takeaways… The job description – it matters. Job descriptions don't just ensure that qualified

5 min CISOs

CISO Guidance on Building the Team

If I had a nickel for every time I read about the “security skills shortage”…well, suffice to say that everyone seems to lament the lack of strong talent in this industry, and the low number of eager young graduates seeking to start a security career. So what better topic to explore by way of follow-up to the 2-part blog [/2015/11/12/security-budget-tips-part-2-from-cisos-for-cisos]: Security Budget Tips from CISOs, for CISOs? (To recap: I'm interviewing CISOs for their guidance on select infos

5 min CISOs

Security Budget Tips [PART 2], from CISOs, for CISOs

CISO Series: Budgeting Part II. Hopefully you've read (and maybe even benefitted from) Part I of my CISO Budgeting blog [/2015/11/02/security-budget-tips-from-cisos-for-cisos]. To recap, I interviewed a group of CISOs about how they use budgetary discussions for career growth, and what advice they'd give to others looking to set a budget plan. There were five key takeaways that came out of these interviews; here were the first three:
1. Whatever you do, don't under-deliver.
2. Budgets are abou

7 min CISOs

Security Budget Tips, from CISOs, for CISOs

CISO Series: Budgeting. I have provided a brief overview of the genesis of the CISO series [/2015/10/27/introducing-the-ciso-blog-series], and now it is time to tackle our first topic: security budgets. Whether you're the CISO of a large public company or leading security at an early-stage startup, rich in headcount or forced to be tight with the purse strings, reporting into the CIO, COO, or elsewhere in the organization, the fact remains that budget conversations are among the most critical and

1 min CISOs

Introducing the CISO Blog Series

Since joining Rapid7 [/2014/01/27/supporting-the-security-community-why-i-joined-rapid7] I've gotten to work on some pretty cool projects, the most recent of which is capturing a body of knowledge for the community… by CISOs, for CISOs. The evolution of the CISO role, of course, is nothing new, and there's plenty of analysis on it for anyone who's interested (for example, Forrester has a great report called Evolve To Become The CISO Of 2018 Or Face Extinction [https://www.forrester.com/Evolve+T

11 min CISOs

Push vs Pull Security

I woke up from a dream this morning. Maybe you can help me figure out what it means. Your company hired me to build a security program. They had in mind a number of typical things. Build a secure software development lifecycle so app developers didn't code up XSS vulnerabilities. Improve network security with new firewalls, and rolling out IDS sensors. Set up training so people would be less likely to get phished. Implement a compliance program like NIST or ISO. And you wanted all of that rolle

1 min CISOs

Security in Energy & Utilities

Energy and utilities (E&U) companies must comply with standards such as NERC, protect their SCADA systems against compromise, and cope with the expansion of the smart grid as home energy systems become increasingly connected to the Internet of Things. So how do these factors impact the daily life of a CISO working in the E&U sector? In the enclosed video, you'll hear firsthand about some of the key security considerations – which include wanting to know what users are doing – as well as about h

6 min CISOs

CISOs: Do you have enough locks on your doors?

In a previous blog post [/2015/07/09/ciso-in-residence-series-shocked-but-not-surprised], I referenced some research on how people plan for, or rather how they fail to plan for, natural disasters like floods. At the end of the blog post I mentioned that people who have poor mental models about disasters fail to prepare fully. I keep coming back to the idea of mental models because it starts to explain why we have such a gap between security practitioners and senior executives. I asked one CISO

5 min CISOs

Insiders and Outsiders in Security

“Those fools. They didn't even bother to do X. And everyone knows you have to do X.” If you've been in Infosec for even a short time, you've seen this sort of statement, whether explicit or implicit, about something in the news. It comes up often after a company has suffered a breach. And it's often true. The company should have done X. Everyone knows you need to do X. Even my dad knows that. But then again, the security people making these comments often work at companies that really should be

2 min CISOs

Introducing the CISO in Residence

At the start of 2010 I started as Twitter's first security hire. You may recall a number of security challenges we were facing at that time. We had to build out a number of teams to deal with the entire spectrum of security issues. Today Twitter has what I believe to be some of the best security people and teams in the industry. Today I'm very excited to be joining the Rapid7 team as its first CISO in Residence. What does a CISO in Residence do? Well, there aren't a lot of examples to go by. T

2 min CISOs

Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"

Hi, I'm Meredith Tufts. I recently joined Rapid7, and if you were on the live Oct. 30th webcast, “CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity Awareness month webcast, where we were joined by a panel of experts: Brian Betterton - Director, Security, Risk and Compliance at Reit Management & Research; Trey Ford - Global Security