P RESENTATION
Top 7 Issues for CISOs
Security: Yes.
Risk: Getting There.
Breaches: Uh Oh.
People: Aha!
SPOTLIGHT ON THE PRESENTERS
Don Miller
Manager of Cyber Security & IT Compliance at FirstEnergy
Fulfilling the CISO role and building the security function
from its infancy for over 10 years, Don has developed and
implemented the enterprise cyber security, risk and
compliance programs for First Energy. Don started his
career at Bell Labs and was a Sr. Manager at both E&Y and
Deloitte & Touche.
Stephen Marchewitz
President
Steve has more than 15 years of experience in multiple aspects
of information systems, security, management, and risk
advisory services.
Data Classification: SecureState Public
2
AUDIENCE DEMOGRAPHICS
INDUSTRY
Healthcare
18%
Professional
Services
16%
Education
13%
Other
9%
Finance
15%
Data Classification: SecureState Public
C-Suite
17%
Consultant
23%
Retail
25%
Manufacturing
7%
Technology
6%
JOB FUNCTIONS
Manager
30%
Director
21%
3
SECURESTATE OVERVIEW
Management Consulting Firm Specializing in Information
Security
Established in 2001
By identifying the problem in a causal relationship we can
provide tactical and strategic recommendations to position our
clients in achieving their SecureState.
Data Classification: SecureState Public
4
SECURESTATE PHILOSOPHY
Data Classification: SecureState Public
5
What are CISOs Saying?
Data Classification: SecureState Public
6
BACKGROUND
SecureState Research and Innovation Study
• Discussions with 20 CISOs
• Interviews ended Q4 2013
• Questions such as:
– What are your top issues?
– What things have the greatest impact to your success?
– What trends are you seeing or dealing with?
• Some responses were formal interviews, others
were anecdotal or compiled from our
assessments
Data Classification: SecureState Public
7
CISO ISSUE #1:
MARKETING AND SELLING OF SECURITY
Data Classification: SecureState Public
8
CISO ISSUE #2:
PRESENTING TO OTHER EXECUTIVES AND THE BOARD
Data Classification: SecureState Public
9
CISO ISSUE #3:
UNDERSTANDING (AND CONVEYING) HOW THE
BUSINESS MAKES MONEY
Data Classification: SecureState Public
10
CISO ISSUE #4:
SPEAKING IN BUSINESS LANGUAGE, NOT TECHNICAL
Data Classification: SecureState Public
11
CISO ISSUE #5:
HELPING THE CEO ‘WIN’
Data Classification: SecureState Public
12
CISO ISSUE #6:
SECURING NEW TECHNOLOGY
Data Classification: SecureState Public
13
CISO ISSUE #7:
STRATEGIC (RISK) MANAGEMENT
Data Classification: SecureState Public
14
“BONUS” CISO ISSUE #8:
LOSING YOUR JOB AFTER A BREACH
Data Classification: SecureState Public
15
THANK YOU FOR YOUR TIME!
Stephen Marchewitz
President
smarchewitz@SecureState.com
Data Classification: SecureState Public
QUESTIONS
ANSWERS