Tips from a CISO: How to Create a Security Program


By Marco Túlio Moraes, CISSP, Director of Information Security and CISO at OITI. Marco is an executive with more than 20 years of experience in technology, risk and information security, including 10 years of international experience. He has a multi-industry background spanning financial services, technology, health, retail/marketplace, startups and utilities. Marco developed one of the first cybersecurity programs in Brazil and works as a career mentor, speaker, security evangelist and board advisor.


Developing a security program sometimes feels like trying to solve a 3,000-piece jigsaw puzzle while people keep interrupting you and the clock is ticking. To make the challenge harder, the picture on the box you are trying to reproduce is constantly changing.


The common challenges of a CISO go far beyond applying subject-matter expertise: they require leadership, strategy and communication skills to shape the organizational culture and support the prosperity of the business. Understanding the business, managing stakeholders' expectations and establishing a consistent level of risk awareness across the company are just some of the challenges a CISO needs to address. In the subject-matter-expert role, we usually start with risk assessments and a gap analysis, followed by a formal cybersecurity program plan.


No matter how much effort goes into creating the plan, there is always a moment when you realize that the picture you were reproducing no longer brings value to the business. Mergers and acquisitions, new competitors, new applications of technology and changes in internal business strategy disrupt the business landscape, so plans must be adaptive and sustainable. On top of the changing business landscape, new cyber incidents, emerging high risks, new r ..
