

I’m thinking about getting back in the game. What does everyone think a CISO should know? What makes a good CISO?
Hi all. It’s Jerry from the interview talking about infosec.exchange. I think it’s important to understand some apparently missing context in the discussions below. I was talking about a hypothetical future where we saw tens/hundreds of millions of active accounts on the fediverse. I don’t believe the current funding model can support that, and I also don’t think the “spin up your own host” model will work for the masses, either.
I host close to two dozen different fediverse services, from lemmy to mastodon to mbin to peertube and lots more, and all that takes some significant hardware to run at larger scales. My objective has been to provide a fast and reliable fediverse experience, and so I’ve focused more on that than on making my servers scream, and so I’ve landed on hosting the fleet on a series of Hetzner Dell servers with 10GB interfaces, and that is not cheap.
I am not sure if the “he” reference is me, but I did ask and people did step up to support the costs of running the instance.
Hey all, Jerry here (from the interview). Happy to answer any questions.
I’ve worked in all levels of management, including C-level at a Fortune 500 company, and I can tell you that from the perspective of the C level, the tools are a given. If the employees have complaints about the tools, the perception is that either the mid to lower level management or the employees are not competent and need to be replaced with ones that are able to deliver on the promise of the tools.
(I say this without judgement - most of the time it’s BS, some of the time it’s true)
What do yall think a CISO of today needs to know/understand?
Good luck! It was an amazing day when I got my CISO position. It was an even better day when I left it :)
How do you validate the responses here?
I’m not sure what you mean?
Has anyone taken a course in FAIR? Wondering how useful it is…
Mbin performs quite well. I just applied the most recent update which removed mercure and it’s very fast now.
I was probably the most prominent person who runs both and had database issues with k/mbin. I am happy to say that those are well behind me, largely because of the skill and patience of the Mbin team helping me resolve them.
It’s a rough job market for several reasons. My best recommendation is to do something that will distinguish yourself from others (blog, podcast, etc etc) and also try to establish a relationship with someone at prospective employers to get them to “pull” you in. I know, I know, easier said than done, but that’s where we are at.
Thanks. I am interested in hearing from the practitioners what they would like their CISO to know/be/do to be a better CISO