When Michael Gregg joined the State of North Dakota as a security leader, he brought with him a concept he liked to use for keeping his security program on track: identifying objectives and key results (OKRs) and tracking progress against them.
He says they had worked for him in the past, and he believed that introducing their use to the state’s security program could be equally useful.
“It was a good way for the security team to stay focused. It helps give me and the teams priorities, it gives alignment between the teams, and we get the tracking and accountability,” says Gregg, who was named the state’s CISO in late 2021 after working in the position as an interim and prior to that as director of state cyber operations.
The job of the CISO can be tough with its share of challenges, difficulties and complications. A CISO’s trials and tribulations include responsibility for protecting a business’s most valuable asset (its data) from an evolving cyberthreat landscape, traversing complex and strict regulatory requirements, balancing security with critical business needs, and juggling a security skills and talent shortage.
These are just a few of the things that keep CISOs up at night. However, it is far from all doom and gloom. There’s plenty to be optimistic about if you are building or seeking a career as a CISO. Here are the seven best things about being a CISO according to those currently in the job.
Multiple vulnerabilities have been discovered in Exim, the most severe of which could allow for remote code execution. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of the most severe of these vulnerabilities will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Multiple vulnerabilities have been discovered in Exim, the most severe of which could allow for remote code execution. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of the most severe of these vulnerabilities will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Threat: Backdoor.Win32.Guptachar.20
Vulnerability: Insecure Credential Storage
Description: The malware runs a web server on TCP port 2015 (default) and
uses BASIC authentication. The credentials “hacker01:imchampgr8” get stored
in a…
Adam Doupe discovered multiple vulnerabilities in the Gstreamer plugins
to demux Mastroska and AVI files which could result in denial of service
or the execution of arbitrary code.
