We got asked by a listener to help answer the question, "Why Does My CISO Hate Me?" While we may not be privy to the exact situation in play there, we are pretty sure that no one's CISO truly hates them (but they may not be fond of all the things that everyone does all the time). In the debate today, we talk about some of the things that challenge CISOs including:
Security is more than just confidentiality... there's also integrity and availability
Undocumented processes and changes make it hard to figure out where things go wrong
Security is a bidirectional partnership, not a Q&A/task queue from the rest of the organisation, nor the acceptor of risks
Please ask questions if you are concerned about something or want more info, or even if something sort of smells fishy (or phishy). There is no such thing as a stupid question, only an unasked one.
We also highlight a number of the things that CISOs and security teams can improve on to build better and stronger relationships across the organisation, too, such as:
Better listening and asking good questions
Understanding the business through servant leadership
Helping to determine what is most important to the business (and what needs to be protected)
We are all heading toward a common goal, so let's work together to accomplish it!