Hey, friends!
Just a quick update. My last day as CISO at Northside Hospital is October 11th. I've had a great 10-year run there and I'm choosing to leave so that the next CISO can take it to the next several levels....and maybe because CISO Burnout is a Thing.
Not sure what comes next.... The plan is to take some time off to decompress and reorient and see how things work out.
Will let y'all know how this turns out. :)
17.9.2024 19:01

Had a good giggle this morning listening to @riskybusiness talk about Julian Assange. The fact that he spent more time locking himself in and in custody for trying to skip bail than he would have been sentenced to is a very VERY delicious irony.
26.6.2024 11:59

The life of a hospital system CISO...allegedly...
21.3.2024 20:49

Pro Tip: I get you're selling Cyber Security Asset Management but that *particular* acronym has pretty much meant something *very* different for a while. You might want to update your marketing materials....
7.3.2024 14:22

The blast radius of the Change Healthcare "cyber security incident" is huge and growing larger by the minute.
This is not just an impact to healthcare providers but - more importantly - to people trying to get prescriptions filled and get their benefits validated for treatment.
We live in interesting times, folks.
22.2.2024 22:15

CISO Tip: Normalize privately telling other IT and security folk how they are perceived by you and (potentially) by their peers with some ideas on what they can do to improve. Assume positive intent on their part and let them know that. A lot of folks in our line of work are somewhere on the spectrum and just don't realize how they are coming across and can genuinely appreciate a private word. #justsaying
20.2.2024 22:25

TFW one of your "Special Partners" lights up a LONG email complaining about how "intrusive security controls" are preventing them from "accomplishing key goals". The cc: list for this email is LARGE.
Then TFW you can let that "Special Partner" know - via Reply All - that the link they were clicking on is a phishing site and all the controls are working as designed.
And then TFW you get the Reply All from the "Special Partner's" boss letting them know they can talk about it in their 1:1 tomorrow.
13.2.2024 19:14

So let me get this straight...
You send me an unsolicited email telling me that if $COMPANY had only implemented your product that the $BADTHING would have been prevented. Then you want me to click a link and find time on your calendar for a call?
:: heavy sigh ::
I have only one question for you...
Have you yet regretted the decisions that have brought you to this point in your professional life?
6.2.2024 17:18

<Steps on CISO Soapbox>
Hey! Hey, Marketing people!
Do you realize that ambulance chasing cold e-mails that tell me how 'if only HospitalX had our product and/or service they would not have had that incident three days ago' do only one thing?
They make me add you to the list of companies that I will *never* do business with.
Looking at you, Fortified Security and iC Consult...
28.11.2023 20:00

Quality guidance geared towards non-technical Emergency Management folks about planning for cyber incidents. Lots of really good content here...
7.11.2023 20:04

"It is a truth universally acknowledged that a CISO in a previously unscheduled conversation with attorneys on a Friday afternoon must be in want of a Gin-and-Tonic."
"Ports & Protocols" by "A CISO"
8.9.2023 19:34

Goddammit, Lockbit!
#NoContextToots
9.8.2023 21:17

Your Executive Business Advice For Today:
"While reviewing contracts you must take extreme care not to confuse your own legal counsel. The results of confused counsel are expensive."
13.7.2023 13:26

Finishing up week one (of two) of staycation. Spent most of this week completely disconnected from the internet (except for messaging close friends and family) and been building a gaming table.
Some notes:
1) I am sleeping better than I have in months.
2) I am eating healthier than I have in months.
3) I am spending more time and cash on hobbies than I have in months. 🙂
Overall it's been a very good week. I hope yours has as well, friends.
14.4.2023 19:06

So I talked with some nice folks about what I've done and do... I hope it's helpful...
6.4.2023 21:33

TFW you realize the talk you are going to present on Thursday and has to be to the organizer by end of day truly isn't working but, BOOM, a new idea hits and you now get to spend the weekend developing a 45 minute talk.
17.3.2023 12:33

The amount of BEC/phish attempts coming to our Accounts Payable trying to get us to re-route payments to vendors as a result of the SVB implosion is mind-boggling.
Be careful out there, folks..
13.3.2023 14:30

TFW you have to teach someone that sometimes you have to start slow to go fast.
The amount of cycles we lose when we just blast off 'solving the problem' versus taking just a wee bit of time to do a smidge of analysis and, you know, actually think about what we are trying to solve prevents rework caused by misunderstood requirements, faulty assumptions, and just general silliness.
Thanks for attending my TEDTalk.
1.3.2023 19:04

"Let's take a moment to talk about shop safety. Be sure to read, understand, and follow all of the safety rules that come with your power tools. And, remember, there is no more important rule than to wear these ::taps:: safety glasses."
is the emotional equivalent of
“Anything we don't like, we'll turn it into a happy little tree or something; we don't make mistakes, we just have happy accidents.”
I will not entertain counterarguments at this time. 🙂
15.2.2023 23:55

"While not urgent per se can you call me when you have 5 minutes?"
#TextsYouDoNotWantFromYourLawyer
13.2.2023 21:39