

CISO Forum: Ask Me Anything - March 2023



Recorded in March 2023, this edition of the monthly CISO Forum Ask Me Anything session features ISPG Director and Chief Information Security Officer Rob Wood and ISPG Deputy Director Frank Domizio answering a wide variety of security-related questions. Check the timestamp list below to go straight to the questions that interest you. 

TIMESTAMPS

What in the world is the deal with CyberGeek? (1:50) 

Can implementing Spork security and monitoring for AWS micro services be considered as adding a security layer in the security architecture? (4:06) 

What are your thoughts on the rebalancing of cybersecurity risks as stated in the National Cybersecurity Strategy as stated in the YouTube video by Anne Neuberger and Kemba Walden? (10:11) 

Sometimes it feels like an overall security risk report is like a personal credit report. Does it help to design a credit score kind of metric for a system, taking everything into consideration that can also be applied at group, CMS component, and data center levels? What’s the closest thing that comes to your mind when thinking of a unified credit score? (14:17) 

Why do you think vulnerable methods/reachability has not seen more traction in the SCA (software composition analysis) industry? (21:01) 

How does our security posture and security investment compare to our peers? (25:18)

What is your view on IEC 62443 versus NIST CSF? Does CMS require vendors to follow NIST standards or IEC standards or both? (31:25)

What is the timeline on CMS sending vendors requests for attestations? (37:04) 

What is your most favorite and least favorite thing about being in your role? (37:50)

What are your thoughts on proactive attack surface monitoring and whether or not it is an effective way to manage risk of your supply chain? (42:35)

If you were to be parachuted into a brand-new org, what would be the first three things you would be inquiring about as a CISO? (47:14)
