Sign up to save your podcasts
Or
Share Who Should the CISO Report To?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Who Should the CISO Report To?
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-who-should-the-ciso-report-to/)
Who should the CISO report to? What factors determine that decision? And why is that single decision so critical to a company's overall security?
Check out this post for the basis for our conversation on this week's episode which features me, special guest co-host Yaron Levi (@0xL3v1) CISO, Blue Cross Blue Shield of Kansas City. Our guest is Gary Harbison, vp, global CISO, Bayer.
Thanks to this week's podcast sponsor, IBM Security.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.
On this episode of Defense in Depth, you'll learn:
- We're having this discussion because as Allison Berey, M:CALIBRATE explained, "Wrong reporting lines can mean poor decision-making."
- There is no definitive answers as to what the reporting line should be. The final answer on this this discussion was "it depends."
- A CISO's placement within an organization should depend on where a company derives its value.
- All companies say security is important. How they place the CISO within the reporting structure and the influence they have on the organization is very telling as to whether the company truly does value security.
- There was a lot of concern reporting to other C-level executives that are not the CEO as the CISO's concerns could play second fiddle to a CFO, CIO, or CRO's primary desires.
- Many felt the most desirable reporting line was CISO-to-CEO.
- But, assuming every department is dealing with some sort of business risk, don't they all have the right to report to the CISO? Where do you draw the line?
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-who-should-the-ciso-report-to/)
Who should the CISO report to? What factors determine that decision? And why is that single decision so critical to a company's overall security?
Check out this post for the basis for our conversation on this week's episode which features me, special guest co-host Yaron Levi (@0xL3v1) CISO, Blue Cross Blue Shield of Kansas City. Our guest is Gary Harbison, vp, global CISO, Bayer.
Thanks to this week's podcast sponsor, IBM Security.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.
On this episode of Defense in Depth, you'll learn:
- We're having this discussion because as Allison Berey, M:CALIBRATE explained, "Wrong reporting lines can mean poor decision-making."
- There is no definitive answers as to what the reporting line should be. The final answer on this this discussion was "it depends."
- A CISO's placement within an organization should depend on where a company derives its value.
- All companies say security is important. How they place the CISO within the reporting structure and the influence they have on the organization is very telling as to whether the company truly does value security.
- There was a lot of concern reporting to other C-level executives that are not the CEO as the CISO's concerns could play second fiddle to a CFO, CIO, or CRO's primary desires.
- Many felt the most desirable reporting line was CISO-to-CEO.
- But, assuming every department is dealing with some sort of business risk, don't they all have the right to report to the CISO? Where do you draw the line?
More shows like Defense in Depth
View all
Hacked
186 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,026 Listeners
Smashing Security
318 Listeners
Click Here
419 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
176 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
195 Listeners
Cybersecurity Headlines
138 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
167 Listeners