Ok, short thread about why this could be an ecological and cultural disaster. I'm on the beach, so this might be a bit slow..

Happy #FF! If you're not already... Give these fine folks a follow! briankrebs Accidental CISO 𝗛𝟯𝗞𝗧l𝗖 TheHiddenCISO - Looking for Something New Nega CISO 🏁 Lisa Forte 🇺🇦 SMB CISO 🌻 Tarah M. Wheeler @CisoHelen [email protected] Shira Rubinoff

'I accept the risk' does not mean what you think it means...

sm0kem SAINTCON Accidental CISO 🇺🇦 SMB CISO 🌻 J Wolfgang Goerlich MΣZ There's a lot of talk about separation from companies and their leaders that won't acknowledge and treat cybersecurity as an enterprise risk not an IT risk.

Dealing an auditor who doesn’t seem to get that we made our own assessment of a finding from a pen-test report from High to Low to put in our Risk Register. The pen test summary even called out likelihood to be extremely low of exploitation.

Struggling on why to renew my ISC2 and ISACA memberships and pay maintenance fees for the certs… not really seeing value on maintaining and the laborious CPE details to submit (and audits of)are not valuable use of my time as an executive practitioner. Needs to be a better way.

New auditor request. Contracts e/ a value of $250k or more a year, and or termination which could lead to a loss revenue or cost to us of $250k or more a year. Ok, get baseline annual cost, when when speaking of revenue loss, please define a time-period; day, week, year?

🧵

Oh my unread book collection grows almost weekly 😪 shakes fist at Nega CISO 🏁 chris_foulon Accidental CISO Zate

Had a really positive day people wise. Two colleagues from different parts of the org (1 Health & Safety officer, 1 QA tester) want do do work experience with my team as want a future career in #infosec. We are happy to accommodate. Internal career development should be supported

I wish there was a way to reuse slides between powerpoint, in such a way when the original is updated the copied slide updates as well. I’m huge on reusing material, but finding original..need like a repo to fork things from and compile a presentation.

I have an odd desire to blow the leaves on our lawn back to my neighbors property as I don’t have a tree and it’s annoying to pick them up.

Everyone is making it up as they go The question is whether you are making it up from experience and/or validated knowledge, or from incomplete knowledge, misperceptions, and myths

Users when presented with an Appropriate Use Policy:

For a company, I’m forgoing income/others expenses, that has say 100 people, say each making $100k annual, with a bi-monthly payroll(24/yr), that’s $500k a payroll. Where can you ‘safely’ store your $10m, so as not at risk due how banks manage the cash on your behalf?

Leaving current CISO role is bittersweet. Was chatting with one of my reports the other day, and he had no idea of some of the politics I was dealing with. But as the team leader, it was my job to create as safe an environment as I could for them to be successful.

I’ll take TPRM vendor for $800. Yea, seeing those LinkedIn posts last week from the CEO & Founder, made me really not a fan.

A lot of people forget, as a leader, like a CISO, we’re not the real doer’s of the function. We’re the team coach, and server a different role and purpose than the team players who do the execution of the plan.

It’s 90F and sunny and two kids just asked for hot chocolate. Not chocolate milk with ice cubes, but hot, with marshmallows…