The CISO's Dilemma

Explore the challenges faced by Chief Information Security Officers (CISOs) in today's complex cybersecurity landscape through this keynote address from the Hack In The Box Security Conference. Delve into the balancing act of enterprise defense, examining issues such as the evolving threat landscape, shortage of infosec expertise, rapid obsolescence of security products, and increasing compliance requirements. Gain insights from the speaker's 18 years of experience working with global organizations as an offensive testing vendor, and learn about the characteristics of highly effective CISOs and internal infosec teams. Discover strategies for navigating the "razor's edge" of information security, including understanding organizational relationships and culture, addressing cybersecurity capability asymmetry, leveraging swarm intelligence, and applying spiral dynamics. Reflect on leadership challenges, core DNA of security teams, and the importance of empowerment in cybersecurity roles. Consider the ultimate dilemma faced by CISOs and contemplate the future direction of the field.

Introduction
Why we are not building a defendable Internet
CISOs Dilemma
Journey of a CISO
Budgets
The CISOs Dilemma
Understand Relationships
Understand the Culture
Learnings of Three People
Cybersecurity Capabilities Asymmetry
Swarm Intelligence
Spiral Dynamics
Leadership
Core DNA
The swamp
Bad apples
Empowerment
The Big Dilemma
The Most Important Question
Two Letters
Conclusion
Being Humble
Offensive or Defensive
Where do we go
Slides