Exploring information security: What is a Chief Information Security Officer

In the third edition of the Exploring Information Security (EIS) podcast my infosec cohort Adam Twitty and I talk to the Wh1t3 Rabbit, Rafal Los, about what exactly a Chief Information Security Officer, otherwise known as CISO, is.

Rafal Los presenting at BSides Nashville

Rafal Los (@Wh1t3Rabbit) is the Director of Solutions Research at Accuvant. He produces the Down The Security Rabbithole podcast and writes the Following the Wh1t3 Rabbit security blog. On several occasions he's tackled the CISO role within an organization on both his podcast and blog. I would highly recommend both if you're in the infosec field or looking to get into it.

In the interview Rafal talks about:

  • What a CISO is

  • What role a CISO fills in an organization

  • What skills are needed to be an effective CISO

  • The different types of CISOs

Leave feedback and topic suggestions in the comment section.

This post first appeared on Exploring Information Security.

InfoSec links June 25, 2014

Getting Wrapped Around the CISO Reporting Structure Axle - Rafal Los - Following the Wh1t3 Rabbit

CISOs and where they report seem to be up for debate within the infosec community. Should they report to the Chief Information Officer (CIO) or the Chief Executive Officer (CEO)? Under a CIO, a CISO has to go through someone who may not share their concerns to get to the CEO. Under a CEO, the CISO doesn't have that problem but has to be able to express security issues and concerns in terms a CEO can understand, and probably needs a better overall understanding of the business. So where should the CISO report? That depends, according to the article, and I would agree. As with any security measure, what's right for one organization may not be right for another.

15 Ways to Download a File - Ryan Gandrud - The NetSPI Blog

Ever wonder how stuff gets installed on your computer that you didn't know about and probably don't want? Well, here are 15 ways that can happen.

How Not To Respond To A DDoS Attack - Kelly Jackson Higgins - Dark Reading

Distributed denial-of-service (DDoS) attacks are among the most public attacks out there. The term might not be as well known among the general public, but the attack is, and attackers continue to come up with new ways of executing it regularly. DDoS is here to stay, and this article has some pretty good tips on how to handle and, more importantly, how to be prepared for such an attack.
