Getting the CISO and CIO aligned
I’ve seen poor alignment between the CISO and CIO many times. We want these two executives to work closely and effectively so that the enterprise functions like clockwork. Digital transformation often creates a natural tension between the two roles.
The CIO is responsible for delivering the digital customer experience. There is pressure to remove friction from the process and to ship new software releases as quickly as possible. In contrast, the CISO is concerned with ensuring that each new release is security tested for new vulnerabilities and that the planned changes do not adversely affect our threat model.
In the CIO’s team, developers are encouraged to be creative in order to be innovative. Unfortunately, I’ve seen developers who have taken this definition too literally, and downloading the latest malware to learn how it works is just not acceptable.
I have also seen strong disagreements...