r/ciso

▲ 1 r/ciso

How are you actually handling AI access across the company?

Curious how you guys (and gals) are approaching this.

AI adoption feels like it’s moving faster than we can really process.

Are you mostly:

  1. Blocking tools until policy catches up
  2. Allowing approved tools only
  3. Training users before access
  4. Gating access by role/use case
  5. Letting teams experiment and cleaning it up later

These are all questions the board is asking me.

reddit.com
u/RonILabs — 6 hours ago
▲ 9 r/ciso

I'm the CISO at ANY.RUN. Ask me anything!

Hello everyone! I’m the CISO at ANYRUN, a company behind Interactive Sandbox and Threat Intelligence solutions used by 15,000+ organizations, 600,000 security professionals, and security teams at Fortune 100 companies worldwide.

This May, ANYRUN is celebrating its 10th anniversary. From May 18 to May 31, we’re running special anniversary offers across our core threat analysis and intelligence solutions.

To celebrate this milestone, we decided to host this AMA specifically for CISOs and security leaders.

Today, I’d be happy to answer your questions and discuss:

  • cybersecurity strategy, risk management, and GRC
  • compliance as a business enabler
  • AI security and emerging cyber threats
  • identity security, Zero Trust, and access governance
  • vulnerability management and security operations

The AMA will take place on May 20–21, but feel free to leave your questions later as well. I’ll continue checking the thread throughout the week and will try to answer as many questions as possible.

Drop your questions in the comments!

reddit.com
u/ANYRUN-team — 1 day ago
▲ 2 r/ciso · 4 crossposts

Security Executives

After years of watching brilliant security professionals struggle not with the technology — but with the boardroom, the budget table, and the C-suite — I wrote the book I wish had existed when I stepped into my first security leadership role.

Today, I'm proud to announce that THE SECURITY EXECUTIVE: Leading, Influencing, and Protecting in the Age of Cyber Risk is officially available on Amazon.

Here is what I know to be true after working across security programs, board rooms, and executive teams:

Technical competence earns the CISO title.

Organizational leadership determines whether the CISO keeps it — and whether the security program actually works.

The gap between those two things is where security programs fail. Not because of sophisticated attackers. Not because of inadequate budgets. But because the CISO who speaks fluent threat intelligence cannot always speak fluent board governance, financial risk quantification, or C-suite alliance building.

This book addresses that gap directly.

━━━━━━━━━━━━━━━━━━━━━━━

WHAT THE SECURITY EXECUTIVE COVERS:

━━━━━━━━━━━━━━━━━━━━━━━

✦ The identity shift from engineer to executive — and why it is the most important transition a security leader makes

✦ How to build a security strategy the business actually believes in — using the Business-Security Alignment Matrix

✦ Speaking the language of cyber risk in financial terms your CFO and board can govern with

✦ The board communication framework that produces governance decisions — not polite silence

✦ Building C-suite alliances so security is present before decisions are made — not at week six of a cloud migration you were never told about

✦ Incident response leadership in the first 24 hours — the calls, the command structure, the executive anxiety management

✦ The personal liability landscape every CISO must understand in the current regulatory environment

✦ Career architecture for longevity, legacy, and what comes next — board service, consulting, and the professional options that intentional design creates

━━━━━━━━━━━━━━━━━━━━━━━

20 chapters. 900+ pages. 20 Quick Reference Tools your team can use this week.

This is not a technical manual. It is the organizational leadership architecture that the security profession has needed and largely not had.

If you are a CISO, an aspiring security executive, a senior security professional preparing for the next level, or a board member responsible for security governance — this book was written for you.

📖 Now available on Amazon in Kindle and Paperback.

🔗 Link in comments.

I would love to hear from the security community: What is the single leadership challenge in your current role that no technical certification ever prepared you for?

#CISO #CybersecurityLeadership #ChiefInformationSecurityOfficer #SecurityStrategy #CyberRisk #EnterpriseSecurity #SecurityExecutive #BoardGovernance #InformationSecurity #CISOLeadership #SecurityManagement #CyberRiskManagement #SecurityProgramLeadership #InfoSec #CISOCommunity

amazon.com
u/mwateejudah — 4 days ago
▲ 0 r/ciso · 1 crosspost

What are the biggest technical & cultural hurdles you’re facing right now?

Hi everyone,

I’m curious to hear from the professionals in this community about the reality of your day-to-day work. I think it’s easy to get caught up in the "ideal" version of a job, but I’d love to dive into the actual friction points you encounter.

I’d love to know:

  1. What is your current role/position?
  2. What are the most difficult technical problems or challenges you’re currently facing? (e.g., scaling issues, legacy debt, security protocols, hardware constraints, etc.)
  3. What are some of the company culture problems you’ve had to solve or work through? (e.g., communication silos, "move fast and break things" vs. stability, leadership shifts, etc.)

Looking forward to reading your stories and seeing if there are any common themes across different industries!

reddit.com
u/Odd-Frosting5790 — 8 days ago
▲ 15 r/ciso

What software do you use to manage your program?

Hello, this week I start a new position as director of cybersecurity, and I'm trying to wrap my head around how I'm going to keep all the different aspects of a security program centralized for KPIs and other reporting so I can properly manage this. The company is around 400 people, and although their IT isn't very mature, they rely very heavily on MSP cloud services, which could take pressure off me for having to manage things more manually.

Does anyone use any sort of cloud or local software that essentially acts as a GRC of sorts, with a risk register, framework mapping, crosswalks and other things that simply make your life managing an information security department easier?

Note that this is my first time leading infosec and I really want to make sure I get organized as early as possible before I start finding rabbit holes I never come out of.

reddit.com
u/Due-Efficiency-5172 — 12 days ago
▲ 6 r/ciso

Recovering from a single identity breach now costs organizations a mean average of $1.64 million USD

Some interesting numbers on identity security which we've recently covered.

The average cost to recover from an identity breach is now $1.64M, and 71% of organizations were hit in the past year.

Apparently driving most of the damage is unmonitored non-human identities: API keys, service accounts, OAuth tokens, AI agent credentials.

Only around 10% of organizations continuously rotate or audit them. Curious what people here are doing for NHI management in practice. What's actually working?

reddit.com
u/expert-insights — 9 days ago