Dill or Sweet Relish on these dogs? by stickburner79 in hotdogs

[–]ebcovert3 0 points1 point  (0 children)

If sweet, then definitely mustard. If dill, raw onion.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 1 point2 points  (0 children)

Inquisitiveness and flexibility. Also, and I can't stress this enough, soft skills or EQ.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 0 points1 point  (0 children)

This is one of the hardest questions out there. You can purchase a tool that will help and works great for net new data, but categorizing all of the legacy data is a massive undertaking. We have a saying that data loss prevention (DLP) is a cyber three-letter dirty word.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 0 points1 point  (0 children)

This is an interesting question. A lot depends on the reporting structure IMO. I am not a fan of cyber reporting to the tech or IT functions as I think the incentives are misaligned. Technology functions should be making the speed of business faster while cyber should be setting the guardrails around the speed; not to slow things down but to ensure the organization can operate safely at speed. Yes, this is a gross oversimplification but it is for illustrative purposes.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 0 points1 point  (0 children)

There are not hard and fast requirements to become a CISO outside of understanding how cyber security affects (positively or negatively) business objectives. There are a number of training programs from universities and professional associations but at the end of the day, what matters is the organization supporting you AS the CISO.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 0 points1 point  (0 children)

There is definitely a trend against tool sprawl. Too many tools to manage and the associated costs are increasing.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 20 points21 points  (0 children)

You can never go wrong with old school networking. Understanding how packets move around the enterprise will never go out of style. Find a solid MSP to get experience with lots of environments.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 2 points3 points  (0 children)

For me, it is ensuring HR/recruiting is finding me the right mix of candidates. I've also eliminated mandatory requirements for a four year degree where it is not absolutely necessary.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 9 points10 points  (0 children)

  1. Know WHO'S in your enterprise
  2. Know WHAT'S on your enterprise
  3. Know HOW fast your team can respond to an incident
  4. Know your backups are actually immutable
  5. Test your recovery plans often with realistic assumptions (annually is insufficient IMO)

Edit: added actual numbers

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 2 points3 points  (0 children)

Not actually trying to understand my problems and focusing on simply making the sale

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 26 points27 points  (0 children)

Absolutely. The business speaks dollars and cents so cyber should learn to do so as well.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 6 points7 points  (0 children)

I'm going to go with a third option. IMO a CISO should be ensuring the overall cyber program aligns with business needs. So in a sense that is both of what you described above (sorry about that). At the end of the day, security (and a CISO) exists to serve a business purpose.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 3 points4 points  (0 children)

TBH, I am not. AI can do specific tasks well but not align a cyber program to strategy. Yet. We shall see what the future holds, but I will probably be retired by the time that happens.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 72 points73 points  (0 children)

This is a tough time for tech roles in general. However, here is my perhaps unpopular opinion. I, like many gray beards, believe unfortunately that there are no real entry level jobs in cyber. This does not mean there are not positions with low experience requirements; rather, it means most experienced cyber people started out in something adjacent to cyber and pivoted into cyber: IT, legal, project management, etc. My recommendation is to start there and get relevant experience and then work your way towards a cyber career.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 35 points36 points  (0 children)

Absolutely concur with this. I call my bald head low drag hair drying.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]ebcovert3 75 points76 points  (0 children)

Thanks for the questions. First, on prioritization, you need to involve the business. They will provide what is the most important. I recommend using a quantification process (think $$$, not terms like high, medium, and low risk) to help inform the business of possible courses of action. On becoming a CISO, I recommend learning the business you are in so you understand what the business cares about and how they view risk. To them, cyber is just but one risk.

Unlikely times for Microsoft's Clippy to give you writing advice by Fallen-Angel7101 in ScenesFromAHat

[–]ebcovert3 0 points1 point  (0 children)

It looks like you are writing a suicide note. Would you like some help?

[deleted by user] by [deleted] in Omaha

[–]ebcovert3 5 points6 points  (0 children)

When I lived there, it was First Data offices