Since joining Rapid7 I've gotten to work on some pretty cool projects, the most recent of which is capturing a body of knowledge for the community… by CISOs, for CISOs.
The evolution of the CISO role, of course, is nothing new, and there's plenty of analysis on it for anyone who's interested (for example, Forrester has a great report called "Evolve To Become The CISO Of 2018 Or Face Extinction"). The mission of this working group is to enable CISOs to connect directly with each other, and although the ultimate goal is to produce content from which others might benefit, by no means does this limit the agenda or impair group members' ability to be forthright and open.
It's a no-holds-barred discussion, and I love it.
Over the next few weeks, I'll be recapping a few of the biggest takeaways from some of these meetings, relating some of the experiences of our members (anonymously, unless otherwise specified), and distilling lessons learned, recommended practices, and other pearls of wisdom.
Those involved in this effort have my most sincere thanks. CISOs are notoriously strapped for time and pulled in many different directions, yet the group has been willing to share their knowledge, recount personal experiences, and tackle key issues. I could write a book on the insights gleaned from these discussions (and I just might!) but for now, blogging should suffice.
First up: security budgets.
If CISOs must learn to speak the language of business leaders, budgeting is a logical starting point. And when I raised this with the group, there was no shortage of feedback and recommendations. So stay tuned for my upcoming posts in this series. If you have any questions or comments, I'd love to hear them.