Monica Verma

To succeed as a CISO, you need to learn how to manage expectations of employees, customers, business, board… in terms of what security level they can get within the real constraints like resource, time, budget… without destroying usability, user experience, behavior & culture (because those are key for success) vs. what is really needed in terms of controls, measures, behavior, culture etc. to manage the threats and risks effectively for the org. At the same time not every battle is worth picking but you need to pick the “right battles” that brings security forward and moves the needle forward, as well as the much needed skill and ability to negotiate on those “battles” including behavior and cultural changes that are needed to support a more security aware workforce whilst still maintaining user experience and security as per risk and threat. This is your day to day as a CISO, among many other types of expectations management and negotiations… cc: @jayl4puri and others who might be wondering

They left 2 years ago. But could they still have access? Expert CISO @montalkscyber has some simple but essential advice: take a look at your company’s offboarding process. You could be amazed who can still get onto your system. What’s on your cybersecurity task list for today?

@001Gutiee @sisinerd Thank you for the shout-out. 🙏

DeAr Cyber Security Wannabe, Here are 10 Cyber Security Leaders that you can learn from. 1. @sisinerd - Confidence Staveley - I just can't keep up with her awards recently. Founder of the CyberSafe Foundation, she is everywhere. She's also a published author. 2. @MonTalksCyber  - Monica Verma - From Norway, Monica is a CISO with over 20 years of experience. She travels the world speaking and has a fantastic story of beating the odds in this industry. 3. @cybersecmeg - Meg West - Always pouring out content on Twitter, I love her sense of humour and friendly tweets. 4. @Infosecpat  - Infosec Pat - This guy pours out wisdom every day.  I had a chat this morning with him and he's just fun! 5. @_JohnHammond  - John Hammond - If you don't know him by now, you should.  Probably one of the smartest people I've ever seen.  His in-depth knowledge is incredible. 6. @HackingDave - Dave Kennedy - He's the founder of TrustedSec and Binary Defense. The things he is doing for the cybersecurity community are amazing. He and his company pour out so much care for others. He's also not a guy I want to get into a street fight with. 7. @SwiftOnSecurity  - I always love the humour on these posts.  They are just worth it. 8. @corg_e  - Corgi - a pentester, Corgi is always putting out great resources and super cool content about the cyber security industry. 9. @troyhunt  - Troy Hunt - Founder of Have I Been Pwned, has done a ton for the cybersecurity community.  I love what he is doing! 10. @chompie1337  - Chompie - Hacker, Security Researcher and much more, Chompie's knowledge is incredible.  I highly suggest reading her content. There isn't enough room to list every single person I look up to.  The cyber security community is full of fantastic people. Who are some of your favourites? #cybersecurity #informationsecurity #infosec #leadershipbyexample

Luck finds you faster when you're focused on putting in the work.

Only if I had a penny for every time a vendor said that they are 100% secure, I would be a millionaire. Add NextGen to that, and I'd already be a billionaire. Add AI-enabled to that, and I'd probably become the first trillionaire. Who knows!

5 ways to become a better CISO: 1. Care about your users 2. Build a non-blame culture 3. Throw away jargons in the bin 4. Understand your business' POV 5. Master the art of comm. & negotiation What would you add?

The ability to be resilient and bounce back from adversity is the greatest trait of a successful CISO and leader.

That's a wrap! If you enjoyed this thread: 1. Follow me @MonTalksCyber for more of these 2. RT the tweet below to share this thread with your audience

Great communication is: - Tailored to the audience - Relevant to the stakeholders - Timely and accurate to their needs Otherwise you are just spamming them. Here you can read the 7 lessons in details (with real CISO stories): monicatalkscyber.com/blog/7-lessons…

Being a first-time CISO is hard! Everything takes 2x time and 3x making mistakes (eventually learnt the hard way). But you don't have to... 7 lessons I wish I knew before my first CISO gig to help first-time security leaders keep moving forward and succeed! 🧵👇

As a CISO, more than 90% of your job is expectations management and negotiation. Not every battle is worth it. Save your time and energy for the battles worth it. Knowing what is worth negotiating is even more important than knowing how to negotiate. Pick your battles wisely.

Hot take: If you want to be a successful security leader, get comfortable with taking and understanding criticism. You want your stakeholders and your team poke holes in your ideas and solutions faster than cyberattackers can.

Unpopular opinion: AI-enabled is NOT the solution to everything.

A fact: Past performance or history is not a reliable indicator or metric for when will you face a cyberattack (next).