So according to a survey performed by Cisco, 42% of the CISO’s have given up. Fck that, they just need to realize, that they indeed are a one-man army, but that he or she is being supported by a bigger army of involved people. You are one of them!
Ask: When will the next security training be?
It is important to be involved with the security status of the company you work for. See it as your house, you would not enjoy if house-guests would invite strangers from the street into your house. It is common sense, but in the work environment this is often forgotten. Trainings can help with this!
Ask: With all of those exploits and vulnerabilities, do we patch and update?
Patching and updating solutions is important, most of the times it is a product or a service that is vulnerable, it is important to have a procedure to check and verify for updates and patches.
Ask: Do most of the patches and updates actually get installed?
Having the information is one thing, but it is important to act on the information.
Ask: Is there a procedure for vulnerabilities that cannot be patched or updated?
Things that cannot be fixed, still need to be covered.
Ask: CISO how can I assist?
There is nothing bad with being friendly and involved. Ask how you can assist in getting a healthy security status for the company. Make this topic alive.
If you are a CISO, and you got pissed, well, FCK that. If you are a CISO, and you enjoyed this. Bro / Sis, you are welcome 😉
Image from https://fortytwo.nl/#ciso