I know this firsthand, because my personal via crucis is how to make information security more relevant at the board level.
CISOs and #security managers often come from a career where they learned how to master technology security, hone skills to identify #threats, build defenses, and ensure #compliance. The first barrier they face when growing in their careers is evolving into team leaders, where they must learn how to shift their objectives to build the new wave of professionals and efficient teams—all within an ever-evolving environment.
Many of us were somehow successful up to this point (you wouldn't have the job title otherwise). The next one typically proves harder.
The #CISO has to communicate with the #board, and those long-honed technical skills may not always yield success. As discussions shift to revenue, liability, or #strategy, the significance of CVE prioritization and number of remediated #vulnerabilities will diminish (a way to say that it will be met with stale looks). The result is that the CISO will not accomplish their objectives and find that what they believe are urgent needs actually do not resonate with board members—who do not see the direct connection between cyber and business outcomes.
The problem is not just one-sided. With new regulations from the US #SEC and the European Union’s #NIS2 framework, boards are now held accountable for #cybersecurity. Directors are expected to regard #cyber risk as a business issue rather than merely an IT concern. However, because of the inability of CISOs to articulate #risk in business terms, they are unable to correctly gauge it.
This disconnect is a symptom of a deeper cultural difference, and it is a significant challenge for CISOs (and boards!) today.
There is good news—cultural gaps are something that can be fixed with the right attitude and #training.
A step in the right direction is this free training from @XMCyber_ “Risk Reporting to the Board for Modern CISOs.” It was designed to empower security leaders to convey risk in ways that foster board trust and secure buy-in and allow board members to better understand the issues at hand and their actual possible impact on the organization.
I have gone through it and obtained my badge. Hopefully, it will be useful—and who knows, maybe useful to you as well. It may even be useful if you are not a CISO!
For more information, you can visit https://t.co/Wc4NYGXu2C
Happy educating yourself!
@RobertoBurioni@MedBunker Nessuno dei due dovrebbe esserlo. Una distribuzione diversa delle risorse: più tasse significano servizi pubblici gratuiti per tutti e meno tasse significa che alla prima malattia devi aprire un GoFundMe, che è di gran lunga il motivo più ricorrente negli USA.
@tajaliga@whenthemusicver Il protocollo GSM si è evoluto in modo spaventoso, ma la base era quella. Nokia ha avuto per decadi un vantaggio enorme dall’averlo sviluppato e tutt’ora è uno dei leader nelle forniture telco. Ma in Italia non siamo lungimiranti.
@SalzDevs@TrisH0x2A I am not sure which debugger you use, but the ones I had since the early 2000s had no issue visualising a XOR or the variables or doing any other simple calculation
“Il gas russo ci faceva pagare meno l’elettricità” lo dice chi non ricorda il 2021:a dicembre, con il gas russo ancora dominante, il prezzo esplose oltre 180€/MWh perché Mosca usava il gas come arma politica. Oggi il gas costa 45-50 €/MWh. La propaganda non abbassa le bollette.
@hairlessmonkey@thisdudelikesAI It is completely stupid to think they are acting like humans when no AI company has ever affirmed that.
The fault is on the users 100% this time.
Amazing how neither Chang nor her professor understood the most important part: LLMs are stochastic parrots. They are not built to be a critical thinking support because they are not capable of it - because you cannot. They do not “think” but produce words based on probabilities. If you ask the same thing twice they will reply differently.
We should stop anthropomorphising LLMs. This is the problem - a completely false framing of the problem.
There is no deliberation on cucumber curvature anymore (it was scrapped in 2009).
The one that always get abused (it was the case with the Brexit proponents) is the curvature of bananas, but it was clearly mislead - it was the opposite, requiring bananas not to have abnormal curvatures.
Am I being pedantic? No, because these are the usual myth coming from EU detractors. In fact, it is about standardising quality of the trades.
Cucumber curvature was defining the “extra class” and did not ban “lower classes” of cucumbers from being sold. Ultimately, like for bananas, it was a matter of classification and standardisation for trade - not of control. It helps ensuring the quality of the produce being introduced in the EU.
@blanplan@AYi_AInotes There is a common theme on every AI sycophant I have read: they all overestimate the ability of the models and have no idea about the job they think the AI will replace.
No surprise we are in the same realm with this OP.