
CISO Forum: Ask Me Anything - November 2022


Director of ISPG and Chief Information Security Officer Rob Wood, and Deputy Director of ISPG Frank Domizio explore answers to November 2022's CISO Forum Ask Me Anything. This month’s special guest host is Deputy Director of Division of Security, Privacy Policy and Oversight (DSPPO) Leslie Nettles. Click the link to watch the video or use the timestamp list below to go directly to questions that interest you.

TIMESTAMPS

00:02:26 What is the ISPG strategy on embracing SBOMs?

00:05:29 Where are you spending the most time keeping up on stuff/trends/CMS-wise?

00:08:00 I wish there were more meetings and trainings.

00:10:40 Let’s say the state experienced a near-miss recently regarding the security of its integrated eligibility system, and as a result FFP support from CMS to improve system security was approved. As part of that FFP request, the state planned to run a bug bounty that could potentially leak PHI/FTI/etc. How would the security side of the house view this plan: Migrate source control platform from legacy centralized version control to one based on Git, which would include fancy CI/CD that would check code quality, etc.?

00:18:00 Are you familiar with Pluralsight?

00:18:37 Do we have any deals in place for getting a good deal on hardware keys?

00:19:41 What’s your favorite whiskey?

00:21:54 With increasing IoT device inventory, what is your strategy to tackle 2301 Improving Asset Visibility and Vulnerability Detection?

00:25:03 If you could change the definition of CISO, what would it stand for?

00:28:45 Does the CISO have to have a technical background to be successful?

00:34:55 Mainframes are going the way of the dinosaur. How would you categorize the risk to CMS’s and many other agencies' continued use of mainframes and how can security become an enabler to replatforming onto a more sustainable and agile platform?

00:39:38 Thoughts on how to help an organization see security and privacy as a business enabler?

00:47:40 What’s the best piece of career advice that you’ve gotten in the cybersecurity field?

00:49:31 Conversation about coffee.

00:51:59 Final thoughts.
