In the era of software supply chain security (SSCS), the role and expectations of a CISO are not what they used to be.
Before the software supply chain attack on SolarWinds, CISOs had to balance business priorities with security at their organizations. This often led to sugar-coating risk for upper management. But after the SEC in 2023 charged SolarWinds’ CISO with alleged fraud and internal control failures over that attack, the game changed.
ReversingLabs Chief Trust Officer Saša Zdjelar, previously at Salesforce and ExxonMobil, joins Daniel Miessler, Founder of Unsupervised Learning, to discuss why today’s CISOs need to change their approach to security, treating the cybersecurity of an organization more like a Chief Financial Officer (CFO) would.
Key discussion points:
✓ Why the software supply chain attack on SolarWinds became a game-changer for what is expected of CISOs.
✓ Why CISOs must approach their role in security like a Cyber CFO.
✓ How CISOs can balance this new accountability with the demands of the business.
About the presenters:
Daniel Miessler is the founder of Unsupervised Learning and has nearly 25 years of experience in Info Security, with a resume that includes Apple, Robinhood, and other Fortune/Global 50 companies. He is the author of Technical Professions from Magical to Boring, host of the Unsupervised Learning Podcast and an expert on how standards are changing the cybersecurity industry.
Saša Zdjelar is the Chief Trust Officer (CTrO) at ReversingLabs and Operating Partner at Crosspoint Capital with ~20 years of Fortune 10 global executive leadership experience. His CTrO scope includes leadership, oversight and governance of the CISO/CSO function, including product security, as well as partnering with other leaders on corporate and product strategy, strategic partnerships and research, and customer and technology advisory boards, including sponsoring the ReversingLabs CISO Council.
About ReversingLabs: ReversingLabs empowers modern software development and security operations center teams to protect their software releases and organizations from sophisticated software supply chain security attacks, malware, ransomware and other threats.