Watch the June CISO Ask Me Anything Forum

If you missed June’s CISO Ask Me Anything Forum, you can now check out the recording on YouTube. The forum features Director of ISPG and Chief Information Security Officer Rob Wood, and Deputy Director of ISPG Frank Domizio exploring a wide range of security-related questions.

The hour-long meeting is divided by timestamps below so you can get right to the questions that interest you.

• 02:15 If there was anything in your program that you felt was fundamentally missing, or not being done, what would that thing be?
• 08:15 Vulnerability disclosure reports to communicate product vulnerability status - Does HHS have a preference between frameworks to receive vulnerability disclosures?
• 13:47 What are some use cases that would be appropriate for and optimize the value of deployment of a threat modeling team?
• 20:48 Do you feel that having a business background is essential for aspiring CISOs?
• 26:34 What is your most important and effective success metric as a CISO?
• 33:45 Is CMS using or looking at the MITRE ATT&CK framework to understand where you may need improvement?
• 37:05 Can you share your insights from the C-SCRM comments submitted to the CMS RFI in February 2022?
• 45:30 Is your goal to change the culture so that security is part of the organizational mesh? What role does training play?
• 54:00 Can you talk a bit about SaaS governance, and how/if this can be managed at the office level?