Jim Richberg – Public Sector Field CISO at Fortinet

Fortinet Field CISO working to bring cybersecurity solutions to industry and the public sector following a 30+ year career driving innovation in cyber intelligence, policy and strategy for the United States Government and international partners.

Served as National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence within the $80+ billion US intelligence community (IC) annual operating budget. Senior Advisor to the Director of National Intelligence (DNI) on cyber issues. Set collection and analytic priorities for the IC’s 17 departments and agencies on cyber threats.

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

Executive Director at CyberRisk Alliance

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

Executive Director at CyberRisk Alliance

1. Boardroom Perspectives on Cybersecurity: What It Means for You – Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data. CISOs and IT leaders need to report, in quantifiable business terms, the value the organization’s security program delivers based on continuous testing, optimization, and proof of effectiveness. Below are three steps CISOs should take to accomplish this and report in terms that the board and C-suite understand.

   1. Let Intelligence Lead the Way
   2. Validate With Proof of Effectiveness
   3. Report With Confidence

2. ‘Cybersecurity today requires greater digital and business understanding’ – BSI’s Mark Brown discusses current infosec challenges, the need for diversity in cybersecurity recruits, and how he picked up his tech flair from his dad.
3. NIST Releases Preliminary Draft for Ransomware Risk Management – NIST has released a preliminary draft that is open for public comments to address the Ransomware Risk Management issue. The comment period closes on July 9, 2021. According to NIST, the said Ransomware Profile is intended and applicable for organizations that:

   – Have already adopted the Cybersecurity Framework.
   – Are familiar with the Cybersecurity Framework and want to improve their risk posture.
   – Are unfamiliar with the Cybersecurity Framework but need to implement a risk management framework to meet ransomware threats.

4. 12 skills business continuity managers need to succeed – The business continuity, disaster recovery and resilience professions have matured, and face a challenging future. Resilience has taken on various forms, and an evolving set of potential disruptive events face business continuity managers. For those already in a business continuity manager role or looking into one, the following skills are essential:

   1. communication of BCDR plans and standards;
   2. collaborating through diverse channels;
   3. business impact and risk analysis;
   4. project management;
   5. IT skills;
   6. measuring risk;
   7. auditing across a range of BCDR areas;
   8. financial analysis;
   9. emergency management;
   10. consensus-building, for programs and tools;
   11. adaptability to advance BCDR goals; and
   12. empathy.

5. How to succeed in a CIO transition – Companies often search for the right leadership-ready-yet-technically-savvy successor to the CIO in the final months of an executive’s tenure — despite the advantages of succession planning.

   Organizations lean toward selecting outside candidates to fill CIO roles. Four in five organizations selected external CIOs in 2020, according to data from SIM. But tapping a successor internally can ensure preparation and built-in knowledge about business needs without the onboarding outside candidates require.

6. SOC burnout is real: 3 preventative steps every CISO must take – Help Net Security – For those that spend every day as a security professional and for anyone who truly appreciates the demands applied to these essential security team members, burnout is a harsh reality.

   Successful CISOs have a few proactive steps the help prevent burnout:

   1. The CISO makes it clear that the SOC/IR team is empowered to focus on identifying and dismantling adversaries, full stop
   2. The CISO selects security solutions not only based on technology, but also by how the vendor understands his or her challenges and will partner with them
   3. The CISO ensures the SOC/IR team has access to experts when it counts

7. Colorado Privacy Act Inches Closer to Becoming a Reality – The Colorado State Senate approved the “Colorado Privacy Act” on June 8, becoming only the third state after California and Virginia to have a comprehensive data privacy law. The Senate Bill/Act 190 has now been sent to Governor Jared Polis, whose signatures will seal the fate of this act, which would then come into effect on July 1, 2023, unless he uses his veto to stop its enforcement within 10 days of transmission.

   The privacy act will not apply to all businesses operating in Colorado but only to the ones that:

   – Store or process personal data of more than 100,000 consumers annually, or
   – Sell personal data and process or control the personal data of 25,000 or more Colorado resident consumers.

   The Colorado Privacy Act has been drafted in a manner that grants the residents of the state five key rights:

   1. Right to opt-out of the sale of their personal data.
   2. Deny processing of personal data for targeted advertising purposes.
   3. Opt-out of automated profiling that produces legal or similarly significant effects.
   4. Right to access and correct their personal data for any inaccuracies held by the data controller.
   5. Right to get their data in a portable and ready-to-use format and the privilege to erase this personal data from the data controller’s database whenever they wish to.