Becoming relevant…
Just a short note to let you know that I’ll be giving a webinar for BrightTALK’s Risk Management Summit on August 27 (http://www.brighttalk.com/summit/riskmanagement). The topic will be a “case study” of the benefits and challenges I encountered while transforming an infosec organization into an information risk management organization within a Fortune 100 financial services company. Needless to say, some parts of it may be a bit… umm… controversial. Hope you can join us.
Cheers,
Jack


Marty Aug 18
You know I want to be there for this one!
Phil Agcaoili Sep 29
Hey Jack. I couldn’t make it to this discussion.
Can you share your key points?
I’d like to especially know the controversial bits.
Thanks,
Phil Agcaoili
Jack Sep 30
Hi Phil,
Thanks for asking. Actually, you can still view the webcast on BrightTalk. I believe the URL is http://www.brighttalk.com/webcasts/5118/play.
Bottom line — I talked about some of the challenges I experienced in the past when I was “old school” security, and how much more effective I became when I took a risk-focused approach. Of course, by “more effective” I mean that management took me more seriously and was more engaged and supportive. This translated into having more influence and getting far more done than when I believed (fantasized) that as a CISO I actually had the authority to say “no”.
It boils down to the fact that, at the end of the day, management doesn’t care about security — they only care about how frequently bad things happen and how bad they are when they do happen (i.e., risk). As a result, security’s value proposition only exists in the context of risk, and if we want to be viewed as relevant we need to recognize that.
I also talked about some of the challenges associated with taking a risk-focused approach, and how although some of those challenges are non-trivial, they are surmountable.
Anyway, I hope you find the webcast worthwhile. If you’ve been following this (now largely dormant) blog for a while, much of the webcast will be familiar to you.
Be forewarned that toward the end of the webcast I was running out of time and started to talk pretty fast in order to get finished. Didn’t go over well with everyone….
Best regards,
Jack
Phil Agcaoili Oct 1
Thanks Jack.
I remain a steadfast believer in your approach. I live and die by it every day trying to effectively articulate the risks to the leaders of the brand that I defend.
People are listening to the risk message. Don’t give up. Adapt. Persevere.
Best,
Phil Agcaoili
Jack Oct 3
Thanks Phil. I’m nothing if not persistent!
Cheers,
Jack