*CISO is all about understanding, managing, mitigating & accepting RISK.
*Security engineers speak techie & they don't understand about risk acceptance.
*CISOs speak business & understand business & recognize that there are times where we need to accept risks (or risk-based decisions).
*One needs to know what he/she loves to do!
*CISOs help business decision makers (them) find risks related to operations, then let them decide.
*CISOs do simple analysis: walk into a meeting and say: Great, I heard that you are rolling out a new system/product/feature and you want me to evaluate it. What value/profit is this bringing to the organization? Quantitative or qualitative. Second: what is the risk or exposure or impact that could happen by doing this system/product/feature? NOW, is the value & benefit worth the risk & exposure? Now this is a business decision.
Love the sky diving and football references! What a great way to tell which type of person you are.
Thank you Mr. Eric.
Thank you Eric.
👏🏻