The role of the Chief Information Security Officer, especially in Gen-Z / digital enterprises (companies usually born out of the cloud, not more than a decade ago, possibly experiencing a growth spurt), is evolving swiftly. While the CISO still carries the burden of expectations inherited from legacy regulations, standard compliance obligations, and customers on tenterhooks, the path to security is now paved with the greater dangers of a wider threat landscape, easily accessible attack vectors, and technology that's developing faster than it can be secured. Today's CISO needs to rethink the strategy for securing this dynamic technology arena, which seems to have no boundaries, no trust, and tools that are a dime a dozen.
So how does the CISO do it? How does he not give in to the ultimate FUD (Fear, Uncertainty, and Doubt)? Does the solution lie in tools? People? Technology?
Here's a set of simple, back-to-basics refreshers on what the CISO REALLY needs to focus on to sustain, survive, and secure the fort.