Enterprise Security Leadership: Security Management AMA

Key Takeaways 1. As a CISO, is it good to work for one company, or move frequently between companies? Consider depth vs breadth and evaluate having expert knowledge vs competitive compensation. 2. When a CISO is starting out, what should be focused on during their first year with a company? Pick something and focus on it until it's better than it was, and move to the next. 3. Are there useful risk metrics for leadership teams? The 5 C-Model (Complexity, Consequence, Conflict, Communication, Controls) 4. What tools are helpful to demonstrate alignment between business and infosec? 5. How do you balance between management skills and hands-on tech skills? There's always one that will be stronger for each person. 6. What advice could you give someone wanting to create a cybersecurity startup? The "Why" should always come first. 7. What are the pros/cons of a cybersecurity maturity model approach to communicating and managing cybersecurity risk? 8. How to approach difficult problems from a security executive's point of view. 9. Is specialization an asset? Dive into specialization vs generalization and determine what is most valuable to you. 10. Should breach notifications be mandated at the state or federal level, or both?