The situation the new CISO finds on arrival is often different to what they were expecting, but who’s to blame?
Well beyond justifying ad-hoc investments and the CISO's pet projects, metrics have to be at the heart of sound security practice, but they must be focused on tracking progress over time in support of a long-term transformative vision.
Are Nexus (Scrum) and Large Scale Scrum (LeSS) related somehow? What do they have in common? How do they differ?
The CISO role has never been more important. The firms that fail at appointing a new CISO are those that rush and push an inexperienced techie into a poorly defined role. Positioning the role accurately in relation to the firm’s objectives around security, thinking of it as a senior leadership role, and taking the time to find the right leader are the keys to long-term success.