IDC Türkiye CIO Summit 2023 IDC CIO Summit is back with its 14th edition, a unique opportunity for the top IT leaders in Turkey to collaborate and discuss the challenges and opportunities that come with digital transformation. At IDC CIO Summit Türkiye 2023, I’m honored to have been invited to share my insights and knowledge […]
I am happy to announce that I will be presenting the keynote at the IDC Türkiye Security Summit: “Building a Culture of Innovation in the Age of Cybercrime”.
Microsoft offers useful insights to Kuwaiti cyber-security pros at executive Summit Renowned experts gather to discuss cyber security trends and best practices KUWAIT: Microsoft yesterday hosted the third edition of its popular CISO Executive Series in Kuwait, where industry experts and Chief Information Security Officers gathered to share and discuss current trends in cybersecurity. The […]
Incident Response Challenges Incident Response Evolution and Current Challenges Part 3 This is the third part of the article. To read Part 1 please click here, to read Part 2 please click here Preventing future breaches The last phase of an incident management plan is reporting, and avoidance of future security incidents. Therefore, a major […]
The Security Noob Feedback Cybersecurity Attacks and Defenses Strategies 3rd Edition by Yuri Diogenes & Dr Erdal Ozkaya REVIEW This is great feedback shared by The Security Noob about our best-selling and award-winning book. You can read the feedback directly on his page via this link: The Security Noob is the award winner of […]
Named among the Top 50 Technology Leaders 2021 by CIO Online & IDC, working with an ardent passion for raising cyber awareness and leveraging new and innovative approaches.
Dr Erdal’s predominant professional focus is the protection of the people, processes, and assets of an enterprise from both physical and cyber threats, including acts of terrorism, economic and industrial espionage, and other detrimental forces being asserted in today’s global marketplace.
In his role as CISO at Comodo, Dr Ozkaya engages the infosec industry around the globe on today’s risk challenges and how Comodo uniquely mitigates them. As CISO of Comodo, Dr Ozkaya should be recognized for his pragmatic vision that helped address multiple cybersecurity obstacles that the Government faces.
With a wealth of knowledge and a long history as a security practitioner, consultant, trusted advisor and product builder, Dr Ozkaya is a frequent speaker and instructor at security events and conferences across the globe, where he champions a move from a historically reactive security posture to one focused on proactively predicting and preventing future risks.
Dr Ozkaya has authored papers that have been published in research journals, by NATO and by many research institutes.
Some Awards of Dr Erdal Ozkaya – Cybersecurity Awards
https://www.youtube.com/watch?v=3HBfVqHgX28
Microsoft Circle of Excellence Erdal Ozkaya
Information Security Society of Africa Nigeria Award
https://www.youtube.com/watch?v=Hao3zsrRi-I
Jay Bavisi Erdal Ozkaya AWARD
Awards of Dr Erdal Ozkaya – Best Speaker Dr Erdal Ozkaya – Global Cybersecurity Leader Award
Microsoft Regional Director
DX Inspire Award 2022 Dr Erdal Ozkaya
CISOs End to End Security Operations This is the second part of the article; you can read the first part from here Leading auditing and compliance initiatives A CISO and an organization’s security team are tasked with leading auditing efforts of the company’s security systems and ensuring that a company complies with all the security standards and regulations that govern […]
A CISO, or Chief Information Security Officer, is primarily responsible for an organization’s cyber security initiatives. CISOs are technologists who can participate in high-level initiatives as business strategists. CISOs ensure that IT systems comply with security and regulatory requirements. In summary, a C(I)SO is the top cyber executive of an organization. The CISO role requires a combination of technical and soft skills, such as business acumen, leadership, communication and relationship building.
WHAT EXACTLY IS A CISO?
Before we dive deep into the nuances of cyber chiefs’ career paths, it’s important to understand the nature of the role. So here are the six facts you need to know about the CISO role:
Trusted “security” advisor – As a CISO you need to translate technical matters into the language of the business, helping non-technological executives and boards understand the technical matters and make risk-informed decisions confidently.
Strategist – As a CISO, you need to get involved in setting goals, determining actions to achieve the goals, and mobilizing resources to execute the “prioritized” actions, which need to be tightly linked to the business strategy.
Leader – As a CISO you need leadership skills not just to build an inspired and bonded diverse team, but also to set an example as a role model and create a culture of constant learning, innovation, and active collaboration.
Modern Marketer – Modern marketing is the ability to harness the full capabilities of the business to provide the best experience for the customer and thereby drive growth. As a CISO you need to evangelize cybersecurity capabilities to regulators, client prospects, insurers, and business partners, helping win new business, lower the cost of capital, and maintain the license to operate.
Change agent – CISOs should be able to create a cyber culture where everyone in the organization understands cyber risks and helps you to mitigate them.
Influencer – CISOs should be able to influence critical stakeholders to support the cybersecurity transformation.
CISO: Cybersecurity Leadership Demystified
How to Become a CISO
There is no direct path to the CISO role. While this is true, it’s really important to hire the right talent. Being a CISO used to be a hard-core cybersecurity role; however, the function of the CISO now involves much more business leadership and risk management.
Today, a CISO must be able to help executives at C-suite level understand risk as much as bits. CISOs in any enterprise organization must have the skills to explain security to non-techies, build and maintain critical relationships, and communicate at both senior and operational levels. Soft skills are critical to evangelizing security initiatives and celebrating wins, which need to be expressed as business outcomes. The CISOs who can develop those skills can ‘sell security’ to their peers and other business line executives. So who can become a CISO?
Experienced techies, such as cybersecurity architects, network security engineers, or IT Security Managers
An experienced technology risk manager
A CIO or technology leader with extensive experience building high performing teams, driving digital transformation, and sitting on executive committees
Who should not become a CISO
As a trusted security advisor in the past, I met many CISOs who had no clue about cybersecurity, and unfortunately those CISOs needed the most help. CISOs should not be hired just based on experience in the company, or just for being a program delivery manager. CISOs are much more than just a delivery manager, politician or someone who is networked well enough to get the “hot” seat which pays well. Mark my words: the organizations that follow this path will have ex-CEOs who blame interns for using weak passwords. (Read the news article here: https://edition.cnn.com/2021/02/26/politics/solarwinds123-password-intern/index.html)
I met many CISOs depending on our “advisory”, or who were great leaders but had no clue of “what was exactly happening in the cyber landscape”.
Areas of focus for a CISO
CISO Responsibilities
Some of the day-to-day tasks of CISOs are:
Security Operations
Real-time analysis of immediate threats, and triage when something goes wrong.
Cyber-risk and Cyber Intelligence
Keeping abreast of developing security threats, and helping the board understand potential security problems that might arise from acquisitions or other big business moves.
Data Loss and Fraud Prevention
Making sure internal staff don’t misuse or steal data.
Security Architecture
Planning, buying, and rolling out security hardware and software, and making sure IT and network infrastructure is designed with best security practices in mind.
Identity and Access management
Ensuring that only authorized people have access to restricted data and systems.
Program Management
Keeping ahead of security needs by implementing programs or projects that mitigate risks (regular system patches, for instance).
Investigations and Forensics
Determining what went wrong in a breach, dealing with those responsible if they’re internal, and planning to avoid repeats of the same crisis.
Governance
Making sure all of the above initiatives run smoothly and get the funding they need, and that corporate leadership understands their importance.
CISO Responsibilities:
A CISO is appointed to provide cyber security leadership and guidance for their organisation.
The CISO within an organisation is typically responsible for providing strategic-level guidance for their organisation’s cyber security program and ensuring compliance with cyber security policy, standards, regulations and legislation. They are likely to work with a Chief Security Officer, a Chief Information Officer and other senior executives within their organisation.
The CISO oversees their organisation’s cyber security program and ensures their organisation’s compliance with cyber security policy, standards, regulations and legislation.
The CISO regularly reviews and updates their organisation’s cyber security program to ensure its relevance in addressing cyber threats and harnessing business and cyber security opportunities.
The CISO implements cyber security measurement metrics and key performance indicators for their organisation.
The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising key business and ICT executives, which meets formally and on a regular basis.
The CISO coordinates security risk management activities between cyber security and business teams.
Overseeing incident response activities
Contributing to business continuity and disaster recovery planning
Developing a cyber security communications strategy
Working with suppliers and service providers
Receiving and managing a dedicated cyber security budget
Overseeing cyber security personnel
Overseeing cyber security awareness raising
CISO: Cybersecurity Leadership Demystified by Erdal Ozkaya
My new book, which is planned to be published in 2021, will be a desk reference book for CISOs and everyone who wants to be a CISO.
As CISO, especially in a new organization, you need to balance being a cybersecurity guru with business acumen. Of course you will need to start creating a cybersecurity strategy (or revise it if it exists), create a budget and build your team, but also spend time managing the expectations of your stakeholders.
Do you know what you are doing in your next 100 days? Do you know all your assets and crown jewels, and are they reflected in your 100-day plan?
What is your Incident Response Plan? Are you ready to recover from a cyber attack? Did you assess the organization and present the findings to the board?
Are you up to date? Did you prioritize the essential 10-15 critical few key controls, and are they tested and ready in terms of coverage and maturity?
What is your scope? Are roles and responsibilities defined in writing and assigned to accountable executives and their teams?
Do you have a measurable cyber-resilient culture change program in place? Don’t forget it’s the CISO’s priority to work with the CEO/Board and create a cyber culture organization-wide, with Assume Breach in mind.
Do you know your key customers? Did you start to reach out to them and build/strengthen the relationship?
Create/define your partners! Leverage new innovations.
CERTIFICATIONS
While certifications are good to show what you know, keep in mind that certifications don’t make one a stronger professional. Certifications won’t turn a CISO candidate from analyst to C-suite dweller overnight. But what they can do is offer expertise across the many areas CISOs must have basic knowledge of, if not in-depth expertise.
SANS Leading Cybersecurity Change: Build a Security-Based Culture
SANS Security Leadership Essentials for Managers
Based on a study by Digital Guardian, 53 of the Fortune 100 CISOs held the CISSP (Certified Information Systems Security Professional, by (ISC)²) certification and 22 held the CISM (Certified Information Security Manager, by (ISC)²). The top five certifications held by Fortune 100 CISOs include CISSP, CISM, ITIL, CISA (Certified Information Systems Auditor, by ISACA) and CRISC (Certified in Risk and Information Systems Control).
In Summary:
The CISO is the guardian of the organization, who builds the cyber strategy, is the advisor to the board, and is still a technical executive. The CISO is also known as the CSO (Chief Security Officer) or VP of Security.
The demand for business-centered technical CISOs will continue to grow, as having the right CISO will provide assurance to companies, their strategic business partners, regulators, and customers that their cybersecurity capabilities are robust and fit for purpose.
And I for sure recommend you aim to be a CISO: as data breaches soar, so will CISOs’ paychecks.
Insider Threats: Potential Remedies For Mitigation
Event Details
Insider risks and threats are one of the top concerns of cybersecurity and compliance professionals today. With the increasing remote-workforce trend, the cyber threats posed by insiders may be a reality that organizations will have to contend with in the long term. As the nature of threats evolves, insider threat prevention best practices are also continually evolving.
So how do you deal with and navigate these malicious or accidental threats that come from people within the organization?
Join the Learning Session hosted by CIOs of India in association with EC-Council on Friday, July 9, 2021, at 5.00 PM IST to learn and understand:
– The indicators of heightened risk with a remote workforce
– How to identify insider threat risks, vulnerabilities, and weaknesses within the organization
– Emerging tools and strategies for cyber deception
– How to develop a data-driven approach to insider threat
– How to create a policy-driven insider threat mitigation program with Zero Trust
– Shadow IT: what are the risks and how to mitigate them
– Actionable risk mitigation strategies to detect, deter and mitigate the insider threat, and more.
Quick, save your spot! Special giveaways for the first 50 participants!
Even if you cannot join live, REGISTER NOW and we will send you the recorded webcast to watch at your convenience.