Friction

How Do We Fix the CTO/Security Friction?

CTOs often prioritize rapid development and functionality over security, treating it as a speed bump. However, neglecting insider threats and compliance can lead to catastrophic failures. Security must be seen as essential “brakes” that empower organizations to navigate risks effectively while enabling growth. The challenge lies in convincing leadership to embrace this critical balance.
Continue reading “How Do We Fix the CTO/Security Friction?”

Executive Perspectives Pt 3: Reporting to Legal

This post discusses the dynamics of reporting lines in security, specifically through legal channels. Reporting to legal grants direct access to the CEO but may narrow focus to regulatory concerns, resembling internal audit duties. Leveraging legal compliance enhances security without neglecting broader obligations. Engaging legal counsel supports effective security posture and data protection.
Continue reading “Executive Perspectives Pt 3: Reporting to Legal”

Executive Perspectives: Navigating Security Reporting Across the C-Suite

An important part of providing value to an organization is dependent on how Security reports to executives. There are lots of ways Security can stack up in an organization. In past lives, I’ve reported to the CTO, to the CISO, to a VP of customer service, to General Counsel, and most recently, to the COO.…
Continue reading “Executive Perspectives: Navigating Security Reporting Across the C-Suite”