I saw this article over on Good Morning America about a town in New Jersey that was tired of parents yelling at the umpires during their kids’ Little League games, so they came up with a unique solution…
If a parent or another spectator fights with an umpire, they have to volunteer to officiate themselves for at least three upcoming games.
I was thinking about the role of the CISO and how this story relates, and around the same time I was reading another article about the recent conviction of the Uber CISO. I’ve been watching the case, and I definitely don’t share the same angst as those in the community over the guilty verdict. This is not to say, though, that he didn’t have some tough choices to make, just that they would certainly not have been the choices I would have made if in the same situation.

Image: Bing Image Creator
Having been a CISO with three companies across multiple industries, I can say with experience that it’s a tough gig, with complicated decision-making, in order to protect company data and systems in today’s threat environment. But it’s something that most of us go into knowing the level of effort that it takes to do the job right, and it’s a life choice, or dare I say, a calling that we’ve taken on.
Many outside the Information Security community may not have visibility into all the things that Security Professionals have to be responsible for, think about, and implement every day. Below is an image (with the link to the original, as all props go straight to Rafeeq Rehman for his efforts in building this tremendously useful tool that I use for planning and execution) of a mindmap depicting a very comprehensive view of the various topics that must be considered throughout the year by security professionals in order to build a defense-in-depth posture that is risk-aligned with business goals.
