Thread by Taz Wake, 15 tweets, 3 min read
Bit of an interesting tale about someone who I understand is about to be "let go" after a fairly short time as a CISO. First off, this is not a defence of the person, most people disliked them. It is more a comment on the culture and its problems. (1/?)
First off - the person didn't have the strongest security background and they did rub the security team up the wrong way (including some odd decisions). However, they were brought in to the organisation as an EXPERT over and above any internal candidates (2/?)
They were brought in because the organisation identified that it had problems across many departments and it needed a (new role) CISO to fix this. The person was engaged with a view to a "root and branches" overhaul with no baggage from previous management. (3/?)
In the early days they had unbelievable levels of support. Everyone agreed with their strategy and approach, everyone went to meetings saying they supported this deep dive into problems and everyone said how positive the outcomes would be (4/?)
Then things started to change. Just to reiterate, this person was annoying to security professionals but let's ignore that for now. They started analysing all the controls and processes that each department had. (5/?)
As you may guess, they found problems. Lots of problems. They found countless instances of people saying "we do X" while doing Oranges. This started to find its way into the "state of security" type report. (6/?)
As if by magic, all the previous supporters turned into dire enemies. People still supported the CISO to their face, but monumental amounts of effort were spent undermining them in trivial ways. Most of this was more effort than just fixing the problems. (7/?)
In a surprisingly short period of time, this soured everything for the CISO. The execs who hired them, with the promises that "we want warts and all", decided that they didn't really want to know about warts - and certainly didn't want to fix them. (8/?)
As a result, after a surprisingly short period of time, the CISO was "let go." Some people in security were OK with this because the CISO was unpopular. But this overlooks the real problem. (9/?)
Culturally this was an organisation with so many vested/legacy interest groups that any attempt to correct past mistakes was met with overwhelming resistance. Not one senior manager was prepared to accept responsibility for improving. (10/?)
They consciously and deliberately opted to bury the message (and the messenger). They wanted to keep reporting to the Board that all was well and, as a result, underfund any improvements. (11/?)
But an even worse problem was the senior leadership who brought the CISO in. They clearly lied about their goals and expected to simply get a box ticked. When an issue appeared, leadership vanished and they silenced the troublemaker. (12/?)
The end result was that (for the nth time in recent years) an organisation had a brief opportunity for great improvement but instead fell for internal politics and infighting from people who are realistically unemployable in any other place. And no one seems to care. (13/?)
I am not sure there is a lesson here. CISOs need to understand organisational politics, but most do. This was more a role which was a trap. They've even decided to no longer have a CISO; instead IT Security reports to IT, who report to the CIO. Clearly, this is a bad idea. (14/?)
But no one cares. Now it is harder for people in IT Security to show up the people who are making bad decisions. The organisation's board and senior leadership seem happy that no one is reporting problems. If this doesn't worry you, you probably don't work in security... (15/END)