Why CISO’s Fail, in the words of the author, Barak Engel
Information security is now a really big deal, yet we keep screwing it up. Big breaches are in the news every day, and they are only the tip of the iceberg. Security leaders average less than two years in tenure, and job satisfaction – their own, and others’ of their performance – is lower than that of watching paint dry. Fingers go ablamin’, but in security we just end up pointing them elsewhere.
Why? and more importantly, what can we do about it?
Claimed in its origin by many cultures, the ancient saying “The Fish Stinks from the Head” applies to the emerging discipline of information security, just as much as it does to organizational rot and mis-development. Providing a useful guide for an irreverent look at ourselves, the speaker in this open-to-the-audience talk will touch on both the “why” and the “what to do” parts, while doing his best to make you laugh.
Real-life experiences, both amusing and embarrassing, will be shared liberally.
Speaker Bio: Barak Engel is known for having come up with the concept of “virtual CISO” back when security was a four-letter word that no one could spell. He stubbornly insisted, and ultimately developed a consulting practice around it. Almost two decades later his company, EAmmune, develops and manages security programs for organizations, large and small, across all industries. Barak himself has served as CISO for many of them (e.g. MuleSoft), and often for several at once.
In another clear mark of insanity, he decided to write a book about security management while still actively practicing, rather than from the comfort and safety of retirement. The 2017 book, Why CISOs Fail, keeps getting incredible reviews from those who stumble upon it, delighting Barak every time it happens. It also serves as the inspiration for this talk.