Essential Attributes of Security Leadership

Since I first wrote this back in 2021 (titled “CISO: Archeologist, Historian or Explorer?”) it seems ever more true that complex and pernicious dependencies are at the heart of most security risks. This is a deep problem for most organizations. So it is worth a revisit to look at how to manage those dependencies and which leadership attributes are most essential for doing so. As we’ll see, these are a combination of qualities ranging from archeologist to anthropologist.

But first, let’s look at an example that still sticks in my mind as one of the most emblematic of why resolving security issues can be so difficult. A long time ago, I came across this situation in an organization that wanted to upgrade some of the cryptography in a certain directory product from 56-bit DES to 3DES (told you this was a long time ago). This should have been as easy as flipping a simple switch and all would be well, or at least so the vendor asserted. The problem was that the update also changed the way some of the file access protocols worked, which in turn changed which version of NFS had to be used for interoperability with the enterprise Unix environment. So, ok, go upgrade NFS, right? Now the problem was that switching to the new version of NFS deprecated, in a non-obvious way, some features of an internal proprietary message bus that was heavily relied upon. Super, now plan to make those changes, but doing so caused significant

