4 years on, it is starting to look like the introduction of the GDPR has not been the decisive moment for data privacy many were expecting. At every anniversary, a number of articles emerge assessing the impact GDPR might have had on business. 4 years into it — 6 since it was approved — and in spite of the peculiar business context created by the Covid pandemic and its aftermath, we may be reaching a point…

What is now required is political acumen, managerial experience and personal gravitas, more than raw technology skills. In spite of being widely used, the role of the Chief Information Security Officer (CISO) has only had a few decades of existence and is still evolving. Research from the Security Transformation Research Foundation — based on the semantic analysis of the content of 17 annual global security reports from…

The times have gone when the CISO had to explain what cyber security was about and the value it brought In the face of non-stop cyber-attacks, and the urgency of change around cyber security practices in large firms, the CISO has to be — first and foremost — a leader. The role can no longer be limited to its technical content. Cyber security has a technical dimension of course, and…

Revisiting the questions the Board should ask (one more time…) This piece in the HBR caught my attention (“7 Pressing Cybersecurity Questions Boards Need to Ask” — Dr Keri Pearlson, Nelson Novaes Neto — 4th March 2022), not least because I wrote on the same theme and framed it in the same way at least on two occasions in 2016…

This is no longer just about tech — if it ever was Surveys focused on the concerns and priorities of the CISO community have been quite consistent over the last few years, and collectively, they paint a slightly uncomfortable picture: The picture of CISO roles and security practices still operating bottom up, disconnected from the dynamics of the business and the broader…

When some people say they don’t know what to do around cyber, you may want to ask them where they have been for the last 10 years… For a number of years, I have been puzzled by the high idea some cyber security professionals seem to have that their job is about convincing other people: Convincing users that they need to do certain things to protect themselves and their data; Convincing the Board that they need to…

Stop buying more tech for the sake of it and start focusing on the decluttering of your cyber security landscape. For the past two decades, most large organizations have kept addressing cyber security as a purely technical problem. And let’s face it: Many are failing to protect themselves, not just because the threats morph constantly and faster than they can adapt, but primarily because of endemic execution problems around the…