What’s in the CISO Toolbox?

Published On: April 20, 2017

What’s In the CISO Toolbox?

April 20th, 2017
Ed Snodgrass, CISO, Secure Digital Solutions

The number and type of cybersecurity tools has exploded.  It’s virtually impossible for a security executive to stay current on what’s available.  Because of this, rather than adopting new products, it’s common practice for companies to continue to leverage and update what’s in place or choose a large vendor that has a deep and varied set of technologies.  Both approaches have benefits.  But both approaches have potential pitfalls as well.  Continuing to adapt current tools and controls minimizes wholesale change and leverages familiarity, but may lead to passing up something that may significantly bolster your risk mitigation strategy.  On the other hand, partnering with a large portfolio vendor may provide broad functionality and smoother integration but may run the risk of having to mold your capabilities around the tool set instead of using the tool set to support and automate your capabilities.  It’s not uncommon for organizations to employ upwards of 50 security tools with as much as 50% of the functionality within those tools going unused.  How do you decide?

There are some good sources.  Reaching out to your trusted peer network is a good start.  We’re all battling the same challenges (on differing scales), and the feedback from and discussion with fellow security leaders goes a long way toward determining the enterprise viability of a particular technology that’s based on real-world experience ‘in the trenches’ versus a perfect-world pitch.   Information sharing entities are beneficial as well.  The various Information Sharing Analysis Centers (ISACs) provide an environment that fosters collaboration and best-practice across industries.

These (and other places) are great examples of gathering background information to help in making technology decisions but ultimately, you have to make the decisions based on what you need and what will work in your environment.   And technology is only as good as the processes it enhances and the objectives it accomplishes.  Get back to basics by analyzing, evaluating and improving the performance of your core processes, allowing you to determine where technology can provide the best enhancements.

We can show you where you need tools and how your resources should be applied.


Browse These Topics


boost the protection of your data bridge the gap in your information security challenges build a cyber safe firm business decisions around security Challenges Facing Chief Information Security Officers CISO program efficacy CISO program management cyber security cyber security goals Cybersecurity management Cyber Security Mistakes cybersecurity performance management cyber security platform cyber security team Effective Data Security Measures effectively communicate with board members regarding cyber issues or threats elevate your security confidence elevating information security elevating your information security levels Identify Potential Security Weaknesses Implementing a Comprehensive Cyber Security Plan Implementing Strong Cyber Security Protocols Implementing strong security software protocols improve cyber security protocols Information Security Programs information security protection agency information security risk management information security solutions information security trends managing your information security effectively maturity of your information security and privacy programs measure security levels measure your security proprietary software can help you to protect your company Protect Against Costly Security Breach Protect Customer Data Protect Cyber Network risk management advisor risks of a data breach roadmap to better information security robust security monitoring service successful information security technology advancement top notch security software for your company traveling to high risk countries