As a CISO, it’s likely that you often hear about what you should be doing to protect your systems and data better: Buy this software. Deploy that system. Use this service. Hire these people, etc.
However, how often do you hear about what you should stop doing, which technologies you should turn off, or which projects you should cancel?
Recently I posted a query about this to a security expert community on LinkedIn, and also spoke with hundreds of CISOs during roundtable dinners as part of a research project with a large group of CISOs and other experts. The goal of the project is to redesign our operating model of security and challenge every aspect of how we manage our controls today to prepare for digital transformation.
The post asked participants to help build a list of things security executives need to stop doing. The query drew more than 200 comments, covering a range of cybersecurity areas — including firewalls and their place in the modern security program. One of the examples provided from the CISO