NTXISSACSC4 - A Day in the Life of a CISO

@NTXISSA#NTXISSACSC4

ADayInTheLifeOfACISO

MarkNagielSVP/CISO

PrimeLendingOctober7,2016


Disclaimer

Thispresentationisanexcerptfrommyprofessionallifeasasecurityleaderoverthelast15+years.Itisnot arepresentationof

whatIdotodaybutrathera“sample”ofhowIwork.”

NTXISSACyberSecurityConference– October7-8,2016 2


Warning!!!

Someofwhatyouwillseedoesnot represent“normal”humanbehavior!

…howevermanyofyourwillfindthebehaviorquitefamiliar…

someofyouwillnotgetanyofthisatall…IworryaboutthatgroupJ



Thingsaredifferenttoday!

- Wewanteda“seatatthetable”andnowwehaveit.- Someofuscanleveragethisscenario.- Someofusdon’tknowwhattodo.

- Boardmembersarestartingto“getit.”- Securityasameanstoprotecttheshareholder.- Securityasameanstoprotectbusinessprocesses.- NowBoardmemberswant“real”proofbasedonspecificmetrics.

- Businessengagementincyber/info/securityisresultinginhigherlevelsofperformanceexpectations(riskvs.cost),regulatorycomplianceandduediligence.

- Cybersecurity/InformationSecurityisabusinesstopic.It’snotabout“security.”it’sabout“risk.”



Timetowakeup!


4:30am

6

McKinney,TX

12:30pm 11:30pm12:30pm 5:30am


WhatamIthinkingat4:30am?


PLAUnit61398

The US State Department and the Federal Bureau of Investigation announced Tuesday a $3 Million reward for the information leading to the direct arrest or conviction of Evgeniy Mikhailovich Bogachev, one of the most wanted hacking suspects accused of stealing hundreds of millions of dollars with his malware.


Actually,at4:30amIamthinkingthis…

Ifsomeonereallywantstokillyou…youwilldie!



5:00am- QuickReviewofSecurityNews



6:00am- Outthedoor!



Onthewaytotheoffice…


Yum,Yum!!Keepingtheteamhappy…


Andthedayattheofficebegins…

• Reviewdashboards• Reviewthreatintelligencedata• Discussapplicationcontrolrequirementswithprojectmanager• Discussapplicationsecuritytestingwithanotherprojectmanager• Attendhuddlewith“peer”executives• Attendhuddlewithothertechnologyteamleads• Reviewslidesforsteeringcommitteemeeting• Reviewslidesfortechnologyoperationsmeeting• MeetwithCEO• MeetwithCIOregarding“customerexperience.”



Andthedaycontinues…• Reviewvulnerabilityremediationmetrics• Conductvendorduediligenceinquiry• Attendfirewallrulereviewmeeting• Meetwithvendor#1whoisactuallysolvingsomeofmyproblems• Meetwithvendor#2whoisonlyinterestedinmy$$$• Meetwithvendor#3regardingonemorethingIdidnotknowIneeded!• AttendSOXcontrolframeworkmeeting• ProcessrequestfromLegaldepartment• Discuss“zero-hour”malwarevariant• Discussupgradeofsecurityinfrastructurecomponents• ConductGartnercallregardingoptiontoreplace“endoflife”product• Discusscontentforsecurityawarenessposters• Discusssecurityawarenesstrainingclasscontent• Finalizecontentforsecurecodingclasses• Meetwith“beancounter”regardingbudget• Conductstaffmeeting• Conduct1:1meetingswithdirectreports• ReviewnewFFIECregulation• ReviewnewNYstatecybersecurityregulations



Andthedaywindsdown…• Attendoff-sitestrategyteammeeting• Answerquestionsregardingrelocationofteamtoadifferentlocationinbuilding• ManageFFIECexamination• ManageSOXaudit• Managerpentestingengagement• Discuss“nextgen”endpointintegration• TakeacallfromuserthatdoesnotlikeanyformofMDM• Discussendpointperformanceenhancementstrategy• Discusspatching• Gooveremployeesurveyresults• Visitwithalldepartmentheadstodiscussneeds/wants• Workonnextyearsbudget• Gothroughalle-mailmessages• Workonsecuritystrategyandarchitecturechanges• Workonsecurityinfrastructure• Workonpolicy,standardsandprocedures• Discusstrainingneedsforteam• MeetwithHRregarding“newhires”• MeetwithIAMteamregardingprocessautomation• Meetwithcomplianceleadership• Meetwithfieldregionalleadership• Answerquestionsregardingspeakingengagement• AnswerquestionsforInternalAudit• MeetwithInternalAuditregardingauditplanfornextyear• Talkwithinternsregardinginfosec• Gogetcoffeebecauselunchneverhappenedtoday• Contemplatehowit’sactuallypossibletohave15meetingsinoneday…



LifeasaCISOtoday=240%


Governance Policy Strategy Architecture

People BusinessEnablement Compliance HelpingOthers

30%

30%

30%30%

30%

30%

30%

30%


AverageDaySummary…


6:30amReviewscheduleande-mailduty7:00amReviewthreatintelligencedatadashboards8:00amOn-linemetingwithvendorfromNewYork8:45amAttendexecutiveupdatemeeting9:00amAttendTechnologyupdatemeeting10:00amMeetwithSOCcomplianceteam11:00amMeetregarding2017budgetplanning11:30amConduct1:1meetingwithkeystaff12:00pmE-maildutyandcatchuponmywork1:00pmConductSecurityOperationsmeeting2:00pmMeetwithInternalAuditregardingauditin-progresswork3:00pmAttendchangemanagementmeeting4:00pmConductsecuritystaffmeeting5:00pmAttendmeetingwithCIO5:30pmMeetwithLegalteamregardingrequestsin-progress6:00pmAttendapplicationsecuritymeeting6:30pmCallitaday…


W.I.N(What’sImportantNow!)


Keyquestionsdrivingmydailyfocus:- Domyseniorexecutiveshavecomfortwiththedefined“riskappetite?”- AmIawareofandamIcommunicatingcriticalchangestothethreatlandscape?- AmIbalancingriskandcostatacceptablelevels?- Ismyteameffective?- CanIdetectandrespondtoanincidentinanefficientmanner?- AmIabletodemonstratethattheattacksurfaceisshrinking?- AmIleveragingalltheresourcesinthemostefficientmanner?- AmIprioritizingbasedonrisk?- AmIabletotranslatedata…intoinformation…intointelligence?- AmIagood“servantleader?”- AmIfocusedondoingbettertodayvs.yesterday?


HeadingHome!


6:25pmHeadinghomeafter12hours

7:00pmDinnerwithfamily

7:30pmWalkwiththedogandfamily

8:00pmTelevision/iPad

8:30pmTalktoCIOregardingproductionissues

9:30pmLookate-mailonelasttime

10:00pm…

2:50amAlertcallfromtheSOC!


WhatamIthinkingwhenIgotosleep?

Ifsomeonereallywantstokillyou…youwilldie!


@NTXISSA#NTXISSACSC4@NTXISSA#NTXISSACSC4

The Collin College Engineering DepartmentCollin College StudentChapteroftheNorthTexasISSA

NorthTexasISSA(InformationSystemsSecurityAssociation)


Thankyou

Date post:	16-Apr-2017
Category:	Internet
Upload:	north-texas-chapter-of-the-issa
View:	378 times
Download:	0 times

NTXISSACSC4 - A Day in the Life of a CISO

Internet