ISE® NORTH AMERICA LEADERSHIP SUMMIT
Cyber, the Path to CISO
“How Cyber is Evolving the Role of the Modern CISO”
Gary Hayslip, CISO
City of San Diego
Keynote Presentation
ISE® North America Leadership Summit #ISEawards
Background
Started with computers in the early 1980s as a teenager.
Served 20 years in the US Navy working with computers and cyber security (1986-2007).
Spent 6 years as a Federal Civil Servant for the US Navy as a CISO.
Spent the last 4 years as the Deputy Director of IT and CISO for the City of San Diego, CA.
In 30 years I have worked numerous positions: developer, network administrator, network engineer, security architect, security auditor and security forensic investigator.
Worked on and audited federal and military networks from all over the world (architecture, security controls, policies).
Why this background is important – cyber security, whether in the Federal Government, Municipal Government or Commercial sector, has many moving parts; it's not just one check box.
Gary Hayslip, CISO
San Diego Trivia: City of San Diego by the Numbers
11,000+ employees
14,000+ desktops & laptops
500+ tablets and mobile devices
1,000+ City-issued cell phones
The City has over 24 networks with an estimated 35,000+ endpoints.
Sensitive data types such as PII, PCI (cardholder) data, HIPAA (health) data and financial data
Installed technology ranges from 1980s-era hardware to state-of-the-art cyber security analytics software.
Internet-of-Things (IoT) in large-scale enterprise deployments
An average of 1 million attacks on its networks per day
The Usual: Common challenges for a CISO
• Disparate technologies
• Gaining visibility into strategic business processes
• Entrenched processes & workflows
• Budget? What budget?
• 3rd Party vendor risk – managing it
• Cyber – lack of understanding its value by executives
• Where is my data? Who has access to it? What is it used for? What is considered critical?
Surprise! Challenges that surprised me as CISO
• Working for an organization that is 24/7
• Dedicated employees who want to partner with cyber
• We don’t own our data?
• Collapse of the perimeter
• Cloud is everywhere
• Visibility = Budget & More
I am Being Educated
Top 3 things I learned as CISO in my 1st Year
• It's all about relationships
• You must be innovative
• Politics, Projects, & Funding
Changing Mindset: So why is this important?
• Stakeholder departments have different business requirements & needs.
• Matching executives' expectations with reality.
• Risk Management = It's all about the grey.
• Environment is constantly changing
• Collaboration or die
• Job is not for the meek
Growing Threats
Threats - Hacktivism
Building a Plan: To be effective, you need a plan
Building a Security Program: Cyber – Building a program
• Anti-Malware Platform
• Daily Operations (SIEM)
• Network Behavior Analytics
• Data Governance
• Continuous Scanning, Remediation, Monitoring
Building Your Teams
Cyber Operations Team
• E1472/Sire support for City Clerk
• eDiscovery Services – PRAs, investigations, management of email storage archives.
• Remote Access Management (VPN/NetMotion)
• Manage SAP Security service tickets – requests for assistance with issues (accounts, roles, permissions, renames)
• Active Directory (new accounts, share drive folders, permissions, Group Policy management)
• Okta – Single Sign-On (user account application provisioning & management)
• Application Vulnerability Tracking (desktops)
• Server Vulnerability Tracking (unpatched servers)
• Varonis server – user and data analytics platform to manage the location, access and use of City data
• Office 365 – new email accounts, group email account management.
• ServiceNow implementation/administration – management of security services/projects
Cyber Security & Risk Management
Cyber Engineering Team
• Sumo Logic - Search, monitor, analyze and visualize data
• AttackIQ - Live Attack/Validation Scenarios
• PCI DSS – management of credit card documentation for the city to keep certification.
• PacketSled - Next Generation Threat Detection and Network Forensics
• Maltego - Intelligence and Forensics
• Cyberflow Analytics – Network and user analytics platform
• FireEye - Automated threat forensics and dynamic malware protection
• MS-ISAC “Albert” Service - Federally Funded Monitoring from the Multi-State Information Sharing and Analysis Center
• Nessus Continuous Monitoring - Vulnerability Assessment Solution
• Netskope - Cloud security data analytics and threat platform
Multiple Roles: Roles for the CISO are evolving
It was this change in roles and the belief that the CISO brings value to an organization that drove us to write the CISO Desk Reference Guide.
Roles to Bring Value: CISO, new roles to be effective
• Old role – business protector
  • Information Security
  • Not viewed as a strategic resource
• New roles
  • Organizations want a business partner
  • Risk Management
  • Business Enabler
  • IT Governance
  • Need “Operational Resiliency”
  • Cyber seen as a business enabler
  • Expert in security and risk management
Risk and More Risk: CISO – Risk Manager
• Cyber through a risk lens
  • Risk assessment methodologies
  • Risk of installed technologies & software (visibility)
  • Continuous monitoring, assessment and remediation
• 3rd Party Management
  • Vendors
  • Strategic Partners (impact to organization)
  • Organizations (Local, State, Federal)
• Whose risk is it?
  • Old View – if it's critical you must fix it.
  • New View – the business sets priority; the CISO provides analysis but the business decides.
Cyber + Business = Yah! CISO – Business Enabler
• Provide risk insight into areas such as:
  • Mergers & Acquisitions
  • Cloud Computing
  • Mobile Technologies
  • Business Continuity
  • Disaster Recovery
• Key member of the IT leadership team to assess new technologies
• As a member of the business team
  • No longer the “innovation killer”
• When expertise is requested for a project
  • Business requirement driving the project
  • Work for a solution that enables and is secure.
IT’s Report Card: CISO – IT Governance
• Strategy & Business Alignment
  • Cyber security program aligned with the organization's strategic goals
  • Management of IT portfolio
• Risk Management Framework
  • Establish risk baseline
  • Monitor residual risk
• Roles & Responsibilities
  • Audit roles & access
  • View access as a life-cycle
• IT & Security Report Card
  • Operational metrics – establishing risk and security baselines
  • Executive metrics – reporting the business impact of collected metrics (should be tied to business operations)
Cyber as a value-added service! Cyber as a Service
Need to understand what is important to the organization
◦ Data
◦ Applications
◦ Processes
Work with business units to implement security controls that don't hinder
◦ Continuously inventory, assess, monitor, scan and remediate
◦ Understand your impact
Through innovation look for secure solutions to aid the business
◦ SSO, 2FA
◦ MDM
◦ Cloud solutions
◦ Data Governance
◦ Authentication, Access, Management, Storage etc.
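The IT Governance report card distinguishes operational metrics (risk and security baselines) from executive metrics tied to business operations, and the Cyber as a Service slide calls for continuously inventorying, scanning and remediating. The script below is an added example, not code from the presentation or from the City of San Diego: it takes a constructed asset inventory and constructed scanner findings, computes the operational baseline, rolls it up into per-business-service executive metrics, and recomputes after a remediation cycle to show residual risk. The SLA values, service names, data-type tags and findings are all assumptions made for the example.

```python
"""Added example (not from the presentation): turning scan findings into
operational metrics (a risk baseline) and executive metrics tied to business
services, then tracking residual risk after remediation.
Every asset, service and finding below is constructed sample data."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Remediation SLA in days by severity (assumed policy values, not from the page)
SLA_DAYS = {"critical": 15, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Asset:
    name: str
    service: str           # business service the asset supports
    data_types: frozenset  # regulated data handled, e.g. {"PCI", "PII"}


@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    severity: str          # critical / high / medium / low
    days_open: int


# Constructed inventory: three business services, one of them in PCI scope
ASSETS = [
    Asset("web-01", "Public website", frozenset()),
    Asset("pay-01", "Online payments", frozenset({"PCI", "PII"})),
    Asset("pay-02", "Online payments", frozenset({"PCI", "PII"})),
    Asset("bill-01", "Utility billing", frozenset({"PII", "Financial"})),
]

# Constructed scan output, in the shape a vulnerability scanner would report
FINDINGS = [
    Finding("F1", "web-01", "high", 5),
    Finding("F2", "pay-01", "critical", 20),
    Finding("F3", "pay-01", "medium", 40),
    Finding("F4", "pay-02", "critical", 3),
    Finding("F5", "bill-01", "low", 200),
]


def past_sla(f: Finding) -> bool:
    """A finding breaches policy once it has been open longer than its SLA."""
    return f.days_open > SLA_DAYS[f.severity]


def operational_metrics(findings):
    """Risk baseline: open findings by severity and how many have breached
    their remediation SLA. This is what the security team tracks day to day."""
    by_sev = Counter(f.severity for f in findings)
    overdue = Counter(f.severity for f in findings if past_sla(f))
    return {"open": dict(by_sev), "overdue": dict(overdue)}


def executive_metrics(findings, assets):
    """Executive report card: per business service, the share of supporting
    assets carrying an overdue critical/high finding, and whether regulated
    (PCI) data sits on an exposed asset. Business terms, not CVE counts."""
    asset_by_name = {a.name: a for a in assets}
    exposed = defaultdict(set)  # service -> names of assets with overdue crit/high
    for f in findings:
        if f.severity in ("critical", "high") and past_sla(f):
            exposed[asset_by_name[f.asset].service].add(f.asset)
    report = {}
    for svc in {a.service for a in assets}:
        svc_assets = [a for a in assets if a.service == svc]
        pct = round(100 * len(exposed[svc]) / len(svc_assets))
        pci = any("PCI" in a.data_types for a in svc_assets if a.name in exposed[svc])
        report[svc] = {"pct_assets_overdue": pct, "pci_exposed": pci}
    return report


def residual_risk(findings, remediated_ids):
    """Residual risk after a remediation cycle: the findings still open."""
    return [f for f in findings if f.finding_id not in remediated_ids]


if __name__ == "__main__":
    print("Baseline:", operational_metrics(FINDINGS))
    print("Executive:", executive_metrics(FINDINGS, ASSETS))
    after = residual_risk(FINDINGS, {"F2"})
    print("After fixing F2:", executive_metrics(after, ASSETS))
```

The executive view deliberately reports a percentage of service assets exposed and a regulated-data flag rather than raw finding counts: a single overdue critical on one payment server reads as "half of the Online payments service is exposed and cardholder data is involved", which is the form in which a department head can set priority.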
Cyber! A strategic partnership: Cyber – It's about the Maybe
• You’re a strategic partner
• Risk Management, Governance, Business Enablement
• The organization's users are your customers
• Continuously review and assess the service you provide to the organization
• Use metrics to measure your maturity level
• You are not there to say “No”; your job is to say “Maybe”
• Need to know your customers
• Need to know your strategic plans (IT & Organization)
• Knowledgeable on alternatives
• Educate yourself, your teams, staff
• Provide guidance for secondary solution
• Enable the business & still reduce risk exposure.
Department of I.T. – Cybersecurity Division
Questions, Rants, Discussions?
Gary Hayslip
Deputy Director, Chief Information Security Officer
@ghayslip
https://www.linkedin.com/in/ghayslip
619-322-6636