I was recently asked an interesting question: What are the Top 5 CISO frustrations with the cybersecurity industry?
After a few minutes of deep thought and half a cup of coffee (my 4th big cup of the day), this is what I came up with:
Top 5 CISO Frustrations of the Industry:
- Maintaining an understanding of the practical risks and likely threats
- Continuous alignment of defenses (technical & behavioral) to the shifts in risks and expectations
- Time spent on internal bureaucracy, resource acquisition, inefficient processes and issues deriving from avoidable/short-sighted mistakes
- Lack of communication, best practices, insights, and collaboration among peers across our industry
- Poor industry tools (capabilities, ROI, cross-integration, usability, etc.), a flood of FUD from salespeople, and over-marketing/hype in the security solutions space
Fellow CISOs, what are your biggest frustrations with our industry?