Why are so many organisations and security professionals still worried about the reporting line of the CISO? This is one of the oldest and most consistent debate agitating the security industry, and it looks far from resolved. It has been polluted for decades by arbitrary and simplistic views on “separation of duties” and alleged “conflicts of interest”. But those views often come from sectors of the corporate spectrum with a fairly theoretical idea on how an organisation should operate, and rarely reflect the reality of how large organisations function.
Bottom line – WiP limits must be applied to improve flow of the delivery of value. It’s a key lever to improve the performance of Scrum Teams. Here we prove it. Part 1 of 3…
Surveys suggest that the average tenure in a CISO position is around 2 years. Nothing will change until the profile of the CISO is raised and they start to see their role over the mid to long-term
The GDPR is not just about Security, but it has been dominating the life of many CISOs since last year. What does that mean in practice for the CISO? and why would a CISO be worried?