Please tell us a bit about yourself, your background, and your journey of becoming a Virtual CISO at DuHart Consulting – what is a Virtual CISO anyway?
Being a virtual Chief Information Security Officer (CISO) located in the lower eastern region of Tennessee, my objective is to enhance the security of organizations. Small organizations often lack a dedicated security team and may be misguided, requiring assistance to navigate the right direction. By providing unbiased advice, I aim to extend my support and help these organizations in need. Even a small amount of assistance can have a significant impact on their security posture.
How does your organization approach risk management and what steps are taken to identify and mitigate cyber risks?
The approach is primarily manual and ad-hoc but relies on established risk frameworks that have been simplified into understandable business language for practical use.
How do you prioritize cyber risks within your organization and/or for your clients and what factors do you consider when making these decisions?
The primary consideration is the business requirements of the organization. It is crucial to determine what the organization needs, how much risk it can tolerate, and how cybersecurity measures can be implemented to support business objectives without impeding operations.
How do you stay up-to-date with the latest cyber threats and trends, and how do you incorporate this information into your cybersecurity strategy?
In addition to my role as a virtual CISO, I am a full-time practitioner who regularly integrates knowledge from various sources in the cyberspace. I create original content on relevant topics, participate in podcasts and events, and actively engage with peers by sharing and receiving information.
In your opinion, what is the most important factor in creating a strong cybersecurity culture within an organization?
The focus is on cultivating individual relationships, effective communication, and leveraging business tools and channels to foster a culture of continuous improvement.
