Whistleblowing Brings Visibility to the Role of CISOsSteve Zalewski, Former CISO, Levi Strauss & Co., on the Emergence of CISOs' Role
The role of a CISO has become increasingly complex and challenging. CISOs face the daunting task of not only maintaining a robust security posture and resilience but also reporting incidents to regulators and CERT within prescribed timelines. The process of reporting an incident to CERT requires the CISO to gather and analyze relevant data and evidence to ensure its accuracy. In some cases, a CISO may even need to act as a whistleblower if things go wrong.
"In the past, CISOs have primarily focused on technology. However, in large corporations, they are now expected to address broader cyber and business risks. The role of a CISO has evolved from just protecting technology to protecting the brand, people and supply chains," says Steve Zalewski, former CISO at Levi Strauss & Co.
In this audio interview with Information Security Media Group, Zalewski discusses:
- The importance of being a whistleblower;
- Challenges and way outs in reporting incidents to regulators;
- Three types of CISOs, their functions and how they can contribute to making money.
Zalewski currently provides CISOs with security consulting, advisory and training services. He works as an executive advisory board member for security startups, providing guidance on security market direction and product requirements.