Three Fundamental Questions for Strategic Decision Making

How to pick the right projects for the next year or the next thing to work on? Recently, this was the major point of discussion in the planning meeting of a non-profit organization. Irrespective of for-profit or non-profit status, all organizations and businesses have to make the same strategic decisions about picking and choosing projects. Continue reading

Posted in Digital Transformation, Entrepreneurship, Leadership | Tagged , , | Comments Off on Three Fundamental Questions for Strategic Decision Making

Customer Experience: The Missing Pillar of Information Security Programs

Few days back, an information security executive asked for help. He has been struggling with demonstrating “tangible business value” of his information security program. We started our dialog about the company business, revenue sources, key issues, competitors and how he could help his organization turn their customers into their brand advocates. Continue reading

Posted in Digital Transformation, InfoSec, Leadership | Tagged , , , , , | Comments Off on Customer Experience: The Missing Pillar of Information Security Programs

Building a Successful Security Operations Center Part 3: SOC Budget Calculator

Sometime back I published an article “What it Really Takes to Stand up a SOC”. This included a MindMap showing everything you need to consider while making a decision about establishing an internal Security Operations Center. Since then, many people have asked questions about estimating budget for standing up an internal SOC. Continue reading

Posted in InfoSec | Tagged , , , | Comments Off on Building a Successful Security Operations Center Part 3: SOC Budget Calculator

Five Minutes Overview of IoT Messaging Protocol for CISOs

Although traditional methods of communications like RESTful APIs can be used for IOT communications, MQTT and CoAP are the two major IoT protocols for exchanging messages in IoT networks. This is a quick overview of both of these protocols. Continue reading

Posted in InfoSec, IoT | Tagged , , , | Comments Off on Five Minutes Overview of IoT Messaging Protocol for CISOs

Building a Successful Security Operations Center (SOC) Part Two – Estimating SOC Budget – CISOcast

Budget estimates are a major part of SOC business case. A typical budget will consist of capital cost, payroll expenses, and annual recurring costs. The budget estimates also helps in making decision about build an internal SOC or using SOC as a Service. Following is a summary of three major cost components. Capital Cost – […]

Source: Building a Successful Security Operations Center (SOC) Part Two – Estimating SOC Budget – CISOcast

Posted in Leadership | Comments Off on Building a Successful Security Operations Center (SOC) Part Two – Estimating SOC Budget – CISOcast

Disruptive Technologies Every CISO Should Know – CISOcast

Information Security is a rapidly changing field as advancements due to disruptive technologies, like SDN, IoT, NFV and others, have direct impact on security management programs. Information Security professionals, in general, are perceived to be slow in  adapting to new technologies and are many times considered a road block. This perception must change and this post […]

Source: Disruptive Technologies Every CISO Should Know – CISOcast

This is my latest Blog on CISOcast

Posted in Leadership | Comments Off on Disruptive Technologies Every CISO Should Know – CISOcast

Lack of Security and Network Resources: A Major Hurdle in Digital Transformation

digital transformation

Initiatives for Digital Transformation are at front and center of every major corporation to keep their business competitive and relevant. Many technology research organizations are publishing papers about different aspects of digital transformation, which is categorized  as a new industrial revolution. Continue reading

Posted in Digital Transformation, InfoSec, IoT, Leadership | Tagged , , | Comments Off on Lack of Security and Network Resources: A Major Hurdle in Digital Transformation

2016 CISO MindMap – What do InfoSec Professionals Do?

Please note that this is an older post

An updated MindMap available here.

It took some time to update the CISO MindMap but finally it is here. Thanks to all who provided suggestions for this update.

A very rapid change is happening across the industries. Whether it is digital transformation, Internet of Things (IoT), Software Defined Networking (SDN), crypto currencies, virtual reality, 3D printing or others, change is visible everywhere. These changes are happening across all industries. CISOs not only need to adapt quickly to these changes but need to be on the leading edge of these changes. Business enablement is becoming a key role of modern CISOs. Good luck with all of this!

UPDATE: If you are want to hang a printed copy of this mind map in your office, I would suggest using the CISO MindMap_a0 PDF and getting a 24×36 inch print from OfficeMax or some other place.

A related post to this mind map is about building a security operations center or SOC. Please refer to “What is Takes to Build a SOC“.

CISO MindMap 2016
CISO MindMap 2016

PDF versions of CISO mind map are available for download using the following links.

 CISO MindMap_a0

CISO MindMap letter

CISO MindMap_legal

CISO MindMap_a1

Posted in InfoSec, IoT, Leadership | Tagged , , , , | Comments Off on 2016 CISO MindMap – What do InfoSec Professionals Do?

IoT Design Review

Embedding security into architecture and design of major IoT projects is the best way to catch problems earlier, avoid costly patchwork, lower the risk of data breaches, and to meet compliance needs. However, research shows that most of the times security is either completely forgotten or is just an afterthought. Same is true for IoT where race to the being first in the market is on, and taking care of security and privacy of critical assets is not given due importance in design and implementations. Continue reading

Posted in InfoSec, IoT | Tagged , , , | Comments Off on IoT Design Review

How Small Things are Making Big Difference

RPi_School_Videos

IoT is not only about connecting machines; the technology can do countless other amazing things. Recently I had the privilege of working with few non-profit organizations promoting education. The solution involved Raspberry Pi, which is used in many IoT application, to make a big difference in education.

Millions of families across the globe are forced into perpetual poverty due to lack of access to quality education.

Either schools are not available in many parts of the world, or, if schools exists, qualified teachers are hard to find. While many non-profit organizations are creating video lessons, in rural areas of many countries, Internet is not available to enable access to these video lessons. A major question is how to make this content available to students in these schools, and this is where Raspberry Pi comes into picture.

Our solution involves partnering with non-profit organizations creating video lessons and using Raspberry Pi to make these lessons available to schools. Raspberry Pi has proved to be a promising platform because of few key features:

  • With Micro SD card, it is possible to load video lesson locally on the device eliminating the need for the Internet web servers.
  • HDMI port is available to connect Raspberry Pi to a TV set in classroom.
  • Raspberry Pi has a complete operating system which enables adding features like running local Web Server and Web Browser.
  • Cost is one of the major factors. Raspberry Pi is available at very low-cost.
  • There are no moving parts in Raspberry Pi, so the system can work for a long time with little to no support.
  • While the main use case is to connect Raspberry Pi to a TV monitor in the classroom, WiFi is enabled so that other computers or handheld devices can also be used to view these lectures.

The hope is that this solution will bring much-needed solution to schools in villages and other remote areas to solve the issue of lack of teachers and quality lessons. This is especially important for science subjects where teacher are hard to find and retain. The overall cost of the solution is low as it needs a small size TV and a Raspberry Pi device. The next frontier is to add an option of solar panels to reach out to places where continuous electricity is not available. Raspberry Pi is a small device, but it is expected to make a big difference in the life of students in these neglected schools.

Posted in Education, IoT | Tagged , | Comments Off on How Small Things are Making Big Difference