#60 - CISO Knowledge Domains Part 2

One of the most common questions that we get asked on CISO Tradecraft is what do I need to learn to be a good CISO?  After a lot of reflection, CISO Tradecraft put together a Top 10 List of CISO knowledge domains that we believe are the core skills which produce really good CISOs.  This episode is a continuation from the previous episode and will go over the 6th -10th knowledge areas.

1. Product Security focuses on ensuring developers write secure code
2. Defensive Technologies focuses on creating multiple layers of defenses in an organization to protect against a multitude of attacks
3. Detection & Response Capabilities is about creating mechanisms to identify how attackers might circumvent your organization’s defensive technologies
4. Laws, Regulations, & Oversight is about ensuring compliance with appropriate laws and regulations
5. Enabling Technologies is about enabling businesses to create digital transformation
6. Risk Management is about effectively identifying what are the biggest risks to the company, what's the likelihood and magnitude of a potential attack, and how to estimate the cost of remediation
7. Governance is about understanding what technology your organization uses so you can effectively manage it through a process
8. Identity & Access Management is about limiting the scope of an attacker who could cause harm to your organization
9. Business Management & Leadership is an essential skill for executives to lead and influence others
10. Security Culture is about building an organization where the entire company becomes resilient

https://github.com/cisotradecraft/podcast

Infographic: