In early April, Wall Street’s oversight committee announced that bank’s oversight of cybersecurity measures at outside firms it does business with remains a work in progress, at best. It cited a survey of 40 banks that found that only about a third require their outside vendors to notify them of any breach to their own networks, which could in turn compromise confidential information of the bank and its customers.
Does your organization have an active program that conducts reference checking on employees before they are hired? Ownership of the pre-employment vetting process does not often reside with the security function within the organization. Some companies outsource background checks to third party organizations to share the task. Many of these policies are impacted by legislation, and limitations can be imposed on the use of various vetting methods.
At some point during your working life, you will find yourself looking for a new job. There are a wide range of circumstances that may bring you to that point, ranging from retiring from public or military service; corporate reorganizations and/or leadership changes; you’re terminated; you resign; the location at which you work is destroyed; your company collapses financially; or you just want to advance your career in a new environment. While each of these circumstances may influence how you will position yourself during the job search, there are a number of common factors that place immense stress on an already difficult process.
How would you like to develop a security operation that can be benchmarked and based on reliable standards reduces liability, improves professionalism and makes a positive impression on the C suite. Wouldn’t it be nice if a blueprint for such an organization existed?
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?