The CISO Game

Unlike the Squid Game, the CISO-CIO relationship is not a matter of life and death. It’s more like Red light – a ransomware attack. Green light – preventing a breach with better communication and decision-making. 

The key to being successful in this game is to be able to measure security efficacy and risk in business terms, in a way that is substantially different from today’s practices. To evaluate that risk you need to emulate the threats continuously, look the exposure in the eye, and communicate it up the chain of command.