Advice for a CISO – by Raif Sarica and Şükrü Durmaz
After a few hours' hot discussion about the best advice to give to a CISO candidate, we ended up with just one simple word: awareness. We believe that creating and maintaining awareness among employees of an organization must be the number-one priority of a CISO. From the top management to the front desk personnel at the entrance of the organization's building, a cybersecurity culture and behavior model against the probable threats or risks to the organization's IT infrastructure must be established because employee awareness is the first and most risky line of defense against cyber threats. Before delving into the details, we especially want to put an emphasis on upper management because most executives think that cybersecurity is the responsibility of IT personnel only, and they are free to do whatever they want on their computers because IT personnel will protect them regardless of their mistakes...
