Greetings and salutations!

1. Asking for a 10 percent budget increase in the next fiscal year:

a. "We're going to need more money next year." (0)

b. "Incremental investment next year will set us up for long-term efficiency." (+1)

c. "You're just going to have to trust me on this." (-1)

d. "You can't raise lions on kitty chow." (-2)

2. Walking the board of directors through your operational metrics:

a. "Areas marked in red require process or technology improvement within this quarter." (+1)

b. "I've appended a more detailed set of sub-measures in case you find those to be of interest." (+1)

c. "I've appended a comprehensive list of virus signatures we've blocked." (-1)

d. "Unfortunately, you can't really measure security." (-2)


3. Responding to a CEO or COO request for an explanation of a new security technology:

a. "That insta-fleebinator plugs into a triple-DES-protected whoosywhatsit and amalgamates the ABDX v.2 concatenations over the darknet backbone." (-4)

b. "One of our system integrators will have to get back to you on that." (-1)

c. "First off, the big picture is that we can't protect these assets properly unless we know exactly where they are and who can access them." (+1)

d. "It's so simple, even you will understand it." (-3)

4. Telling the board of directors you've suffered a data breach:

a. "We regret to inform you..." (-1)

b. "Good news and bad news. The good news is, we've been honing our incident-response plan..." (-1)

c. "I have some unfortunate news that requires your immediate attention..." (+1)

d. "I told you this would happen." (-3)

5. Letting your network know you're looking for a new job:

a. "We regret to inform you..." (-2)

b. "Due to an ill-informed and backward-looking board of directors..." (-3)

c. "The next chapter of my career is about to begin, and I'd like to ask for your help." (+1)

d. "Does anyone know the manager's name at Taco Bell?" (-4)


Zero points (or less): Not being a CSO isn't your biggest problem

1 to 4 points: CSO in the making

5 points: Ask your spouse if you answered the questions honestly

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about DXetworkING AustraliaTaco Bell

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek Slater

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place