Awesome as always! The narrative of the CISO taking all the blame needs to change. This is a great way to start to turn that page.

THX. Very true and important rules for good management after all, not only for CISO.

Good morning Eric. Thank you for continuously educating us. Could you please make some episode for the new SEC rules and how to do some sort of table top exercise and who should be part of this from senior executives. Thanks

Dr.Eric, very good video and brilliant points. 💡Every CEO and the board of directors must attend at least 2 weeks of Cybersecurity executive education workshop. Only then they can be able to make the best decisions in their business with respect to their digital strategy. Once they finish this, then all the team members of CEO also have to attend the same. There is a big difference between "Knowing Cybersecurity versus Thinking Cybersecurity". All the CEOs know what is cybersecurity, but do they think Cybersecurity aspects in every decision making? Indeed, the same approach applies to Quality, Lean, Six Sigma, Data Science. These are business scientific tool kit. Not just a technical kit.

*Set the Risk Posture (what current risks are/aren't tolerable & what's the risk Tolerance level). *Communicate any intolerable risks to the related risk owner and then to the Board, to keep them aware and protect myself. *What & where are the critical assets? then prioritize them. *Spend time with the Chiefs. *as a CISO, do be out of sight & mind from Chiefs, be available & insight for questions/discussions. *Do/Update the Risk register, with risks prioritized, including TOP risks outlined/their Likelihood of occurrence/Impact if it happens/cost to fix it. Then communicate to the board on which ones they direct to treat/reduce. *Say no to what you can't do.

Oh my I just found the missing piece for the next level