Michael Oberlaender has had cybersecurity leadership positions and CSO/CISO titles at enterprises around the world. He’s recovered companies from data breaches, built cyber-hardening strategies and policies, implemented cybersecurity budgets, forged relationships and communications with the C-suite, analyzed risks, and dealt with privacy laws around the world. And now, he’s written his second book, “Global CISO: Strategy, Tactics & Leadership — How to Succeed in InfoSec and Cybersecurity,” which takes his first-hand experience and gives CISOs and similar leaders a step-by-step approach to budgets and team building, privacy laws, security program planning and policy creation, backup plans, enumerating security metrics, conceptualizing SecDevOps (security, software development and IT operations), establishing a reporting structure, security architecture and design principles and more.
As one of Oberlaender’s toughest moments as Chief Information Security Officer of a global technology company in Houston, he describes when the company was hit with a major virus and zero-day attack. “In hindsight, we learned that a facility in Southeast Asia was not following security policies put in place and someone put a USB key that contained malicious code into a server. It steadily started an attack that was really devastating,” he recalls. Oberlaender developed a strategy to isolate all infected systems and, together with his team and the global organization, got the zero-day attack under control within 96 hours.