Articles by David Sheidlower

September 6, 2017

By David Sheidlower
CISO, Turner Construction

In my 10+ years as a CISO, I've noticed a trend that appears to only be increasing: a proliferation of job titles that rhyme with CISO. But rather than describing the Chief Information Security Officer, these new titles replace the word “chief” with something else and describe a different role.

There’s the BISO, or Business Information Security Officer, who has some level of responsibility for a specific part of a firm’s business. They are expected to be part of the business unit they are responsible for. In other words, knowing the business is as important as knowing security.

July 10, 2017

By David Sheidlower

I have gone back and forth for a long time. Should security be risk-centric or data-centric? Outside of security professionals, you sometimes meet people who believe security should be compliance-centric and others who believe it should be audit-centric (which is a type of compliance-centrism).

Certainly there used to be network-centric views of security but they have mostly eroded in the face of mobile devices and the rise of cloud applications.

July 4, 2017

By David Sheidlower

Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has ever had to have the conversation with a sys admin about the importance of patching. It’s been a long time for me, but the memory lingers.

January 24, 2017

By David Sheidlower
Global Media and Advertising CISO

In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Read Part One 'All Infrastructure and the NIST Framework' and Part Two 'Hackers Are Not Afraid of Frameworks.'

There I was preparing part 3 of my close reading of the 2014 Framework for Improving Critical Infrastructure Cybersecurity from NIST when I realized it was almost three years old. Soon it will be under a new administration, and version 1.1 is due for release at any time.

July 11, 2016

By David Sheidlower
Global Media and Advertising CISO

Is that news?  No, of course it isn’t.  In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has. 

June 15, 2016

By David Sheidlower
Global Media and Advertising CISO

Each infrastructure is critical to someone.  Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say.  In fact, the increasing criticality of all aspects of infrastructure underlies all our assumptions about security and privacy.  

March 29, 2016

By David Sheidlower
Global Media and Advertising Company CISO

I tell users all the time “Forget everything you learned in Kindergarten.”  It always gets a laugh, gets their attention and gets my point across.  

It’s not nice to share (your password).  Secrets are really ok (your IP address).  Not only should you not take candy from strangers, you should not take strange candy from people you know (probably a phishing attack).  

January 11, 2016

By David Sheidlower
Global Media and Advertising Company CISO

In August of 2010, Huping Zhou who had served as a researcher at the UCLA School of Medicine and had since been terminated, was sentenced to jail time for inappropriately looking at the medical records of his immediate supervisor and some notable celebrities including Drew Barrymore, Arnold Schwarzenegger, Tom Hanks, and Leonardo DiCaprio. 

November 16, 2015

By David Sheidlower
CISO Global Media and Advertising Company

Focus is over-rated when you’re starting out.  The original idea for my presentation at The Privacy & Security Forum in Washington, D.C. was to talk exclusively on how security controls relate to the frameworks that sweep them up and organize them.   It was to be “how controls become a framework” in the spirit of the grammar school lesson ”how a bill becomes a law.” 

It ended up rather differently.  

October 28, 2015

By David Sheidlower
CISO Global Media and Advertising

Privacy folks and security folks were finally intermingling by design and not by accident or through one or the other being adventurous.  I’m a huge proponent of the two being intermingled (my post Security and Privacy walk into a bar is an example).

So I was glad to attend the inaugural Privacy & Security Forum hosted at George Washington University and organized by Drs. Daniel Solove and Paul Schwartz. "The Privacy + Security Forum went incredibly well in Year One. We had amazing presenters, an impressive audience, and an exciting exchange of ideas at sessions," Schwartz said.
