#86 - The CISO MindMap (with Rafeeq Rehman)

This episode features Rafeeq Rehman.  He discusses the need for a CISO Mindmap and 6 Focus Areas for 2022-2023: 1.  Re-evaluate ransomware defenses, detection and response capabilities, perform a business impact analysis and identify critical processes, applications and data. 2.  Reduce/consolidate security tools/technologies and vendors. More tools don’t necessarily reduce risk but do add the need for maintaining expertise on security teams. 3.  To serve your business better, train staff on business acumen, value creation, influencing and human experience. 4.  Take an inventory of open source software (standalone and libraries) and make it part of your vulnerability management program. 5.  Build team expertise in technology fields including machine learning (ML) models, model training, API security, service mesh, containers, DevSecOps. 6.  Maintain a centralized risk register. Even better: integrate into your enterprise risk management program. Track risk for technology, insiders, processes, third parties, compliance and skill gaps. Links: CISO MindMap Link CISO MindMap 2022 Recommendations Link Information Security Leaders Handbook Link Cybersecurity Arm Wrestling Link