Security leaders, how are you working with your CIO when it comes to ‘secure by design’ strategies/projects? Are you seeing any progress/benefits come out of those efforts yet?

Director of IT in Healthcare and Biotech, a year ago
I happen to wear both hats and it is really a mindset that has to come as part of the work. I view it as part of requirements gathering and it just means we have that in mind from the get-go. All 3rd party vendors have a security review from the start and we just incorporate this mindset across the organization.
Chief Technology Officer in Media, a year ago
Yes, there are benefits like enhanced security, cost savings, reduced risk, user trust and reputation.
VP of Strategy and Product Management at Nextgen Clearing in Telecommunication, a year ago
Absolutely. This is a critical part of the relationship and key to our success.
Senior VP & CISO, a year ago
As others mentioned, there are benefits related to cost savings, risk reduction, and improved security. But I think the real value to the CIO is they gain the time back for their team -- no more rework, fire drills, proactive not reactive, etc. By shifting left, the work is done up front and more efficiently.
CIO, a year ago
There are a few comments here related to risk reduction, operational efficiencies, etc. which are all exactly right. The benefits in the big picture are (nearly) indisputable. I think the challenge is how and where to begin - Do we start a 'Secure by Design' project as a separate entity? Do we designate product managers or senior developers as Security Champions? My personal experience is that Secure by Design feels a lot like Six Sigma efforts of years past. Big program offices are expensive and prone to failure. Success here for me has been very tactical, enlisting a key leader or two, or selecting a single prominent to focus on as a win. Then, build on that ground up.