So you want to be a CISO

The position of Chief Information Security Officer (CISO) is not for the faint of heart. It requires knowledge of disparate security technologies, risk management frameworks, and network and security architectures. This position will also require you to interpret the applicability of numerous Federal and State Laws, Regulations, and Compliance regimes against your standing Cyber Security strategy and assess required changes to your organization’s security program. So with these daunting requirements in mind, I am writing this article as a road map for the new CISO.

I have been in the Information Technology and Cyber Security fields for over 25 years and have been a CISO for the last 7 years. As a CISO, I rely heavily on my experiences as a Network and Security Architect and Security Auditor to provide context in evaluating the health of my networks and security program. As CISO, I have used five steps to provide me with a foundation to improve my organization’s Cyber Security strategy and protect my networks and other critical organizational assets.

These steps are:
1. Meet & Greet – “Walk About”
2. Inventory
3. Assessments
4. Plan
5. Communicate


What’s Next for Tech?

During a recent IoT (Internet of Things, for those not familiar) Startup breakfast I realized a few things: the internet is going places most people can’t fathom, and I should have tried harder in Science class.

While we are still a long way from flying cars and ‘Rosie’ the robot maid, scientists and entrepreneurs are creating devices which will be embedded into everything from farm equipment, to your refrigerator, to your jeans; more importantly, these devices will communicate with manufacturers, service stations, medical personnel, and even each other. The processors for these embedded devices are getting smaller, cheaper, and more powerful, and thanks to visionaries like SIGFOX, low power networks will exist globally to efficiently allow these devices to communicate and retain a longer service life.

As I was dreaming of a future utopia that would make Doc Brown gasp, a presenter from Wind River (leaders in embedded software for connected systems) brought up the reality that interoperability, or the ability for devices to communicate with each other, has yet to be solved. The issue: today’s innovators are creating devices utilizing their own protocols with no standard way of translating that language. Add the implications a network security breach could have on a country full of connected, semi-automated devices or wearables, and we unveil the hurdles entrepreneurs face before I can safely own a self-driving vehicle that tells my self-maintaining refrigerator to order more beers after a long day.

How do we bridge the gap between today’s standard of living and tomorrow’s standard of excellence? As technology entrepreneurs create applications for the future, the means by which to fund these innovations has become more robust. According to San Diego Venture Group’s David Titus, “venture capital investment is up to its highest level since 2009, an estimated $30 billion in funding.”

While these investment dollars are primarily chasing companies with market traction, angel investors have been seeding start-up and early stage companies that show promise in solving some of these issues.

“Venture capital used to look for companies in a great market, or a product and team, now they also want companies to be killing it,” says Titus.

The growth of start-up communities, hubs like CyberTECH, and incubators like EvoNexus that encourage collaboration will help bring well researched solutions to investors, and then to market.

The future is bright, and my sunglasses will know it.

This blog was written by Jamal Brown.

Top 5 mistakes startups make with their privacy policies

Privacy policies are a critical pre-launch step for many web based companies. But not all privacy policies are created equal. Here are the top five common mistakes we see startups make with their privacy policies.

5. The company doesn’t have a privacy policy.
Collecting information from your users without a privacy policy is remarkably risky. In some states it may even be illegal, depending on the type of website you operate. For example, in California, commercial websites that collect personally identifiable user information, which includes information that is commonly collected by commercial websites like names, emails and addresses, are required to have a privacy policy. Even if you’re not in a state that requires your website to have a privacy policy, privacy policies are still helpful for setting consumer expectations regarding your use of their data.

4. The company copied and pasted (insert big company’s name here) privacy policy as their own.
While most major companies do employ very good privacy law attorneys to write their privacy policies, these policies are tailored for that company’s specific needs. Copying and pasting their privacy policies for your own use can lead to a whole host of problems. Some problems, like forgetting to replace their business name with your business name, hurt you more from a business and customer trust perspective. Other problems, like making promises to do things you don’t do and can’t actually do (e.g., removing user data in a set period of time), could be legally actionable. So while having a privacy policy is important, it’s even more important to have a privacy policy that fits your company’s specific needs.

3. The privacy policy violates the privacy laws of the state in which the company is located.
Privacy law is a bit of a moving target and laws vary significantly from state to state. Certain state laws even contradict other states’ laws. However, as a rule of thumb, it’s a very good idea to make sure you comply with any relevant federal privacy laws as well as the privacy laws of the state(s) where your business is located. If you’re not sure what laws you need to comply with, we highly recommend consulting an attorney in your area.


This blog was written by Teri Karobonik, Staff Attorney Fellow at New Media Rights.

A True Story and Opportunity to Share Yours!

Q. What do Hush Technology, CyberTECH, Emic Media and YOU have in common?

A. An actively passionate interest in seeing San Diegan tech start-ups blossom!

Let’s start with a story. A true story. Three Daniels at UCSD just wanted to get a good night’s sleep, so they invented “The World’s First Smart Ear Plugs”, Hush Technology. The Daniels made a great decision and signed up for a CyberTECH Pitch Event, SAM Fest (Startups + Art + Music). At SAM Fest, Lise Markham from Emic Media was left speechless and helped them secure a massive round of funding and support. Now they are featured on BuzzFeed and making lots of noise, silently of course.

Now we are calling you out – we want to hear your brilliant idea, be dazzled by your new product, and really just get to know you! So invite your family and friends and RSVP for the January 30th CyberTECH Spotlight Friday Pitch Night right now!

Interested in pitching? Sign up here!

Don’t have anything to pitch right now? That is totally fine. We would love for you to attend, network and enjoy a night of innovative ideas!