A CISO’s Day at the Fair

Published On: March 10, 2017

By Ed Snodgrass, CISO, Secure Digital Solutions

Last summer I played ‘whack-a-mole’ at the State Fair. The objective is simple – hit as many ‘moles’ as you can in the allotted time, and the more you hit, the greater the measure of ‘success’. But what’s the ultimate objective? The moles will just keep rearing their heads so long as the game is plugged into the wall. Is the measure of success to hit the greatest number of endless moles – requiring more people with more hammers – or to unplug the game, stopping the moles for good and eliminating the need for a hammer altogether?

In a perfect world, we as security leaders would be able to simply unplug the proverbial game and stop the moles, but that’s not always feasible. On some projects though, it might be. The real challenge is that there’s a preconceived notion of what the rules of the game are. They’re accepted at face value. The only way to deal with the mole problem is ‘x’ or “It’s always been done that way.” And when we step up to the game and give the attendant our money, the idea of unplugging it probably never crosses our minds.

There are virtually no limits to the number of “games” you have to play as a security leader, but as I have learned, the rules are often stacked against us when it comes to security project success. There is good news, but the solution may not be the one funding the after party at the next security conference. It may not be sexy, or the coolest thing to talk about with your peers, but it’s a cornerstone of project success – communication. A recent article on Fortune.com agrees.

“The biggest positive change any organization can make,” the BAE report summed up, “is not necessarily to buy the latest and greatest security product, but to improve its own internal communications.”

So, the moral of the story? No matter how much we spend on the latest and greatest technology, it won’t yield maximum value on its own. To get maximum value from our limited budgets, we need to make sure we are communicating why we are doing the project and the value it delivers to the business. In other words, if the goal of the project is to unplug the game, we cannot expect to achieve project success if the business communicates that the goal is to continue whacking the moles. I’ll take the ROI from a security project that isn’t “cool” but demonstrates clear business alignment and communicates value to the business any day, versus a project implementing the latest technology that is being pushed by millions in marketing, endless emails, and voicemails.

This is one of many challenges in our industry that I am passionate about solving and why we developed the TrustMAPP platform.
