An article from Slashdot: just by replacing a few words, you can tell the story of your CISO at most companies.
“If it wasn’t already enough that the mega breach at <COMPANY> affects over <Random Number> million users, a new investigative report on The New York Times states the extent to which <COMPANY> didn’t care about its users’ security. The report says <COMPANY> CEO <CEO NAME> refused to fund security initiatives at the company, and instead invested money in features and new products. Despite Edward Snowden warning <COMPANY> that it was too easy of a target for hackers, the company took one year to hire a new chief information officer. The company hired <CISO NAME>, who is widely respected in the industry. But <CISO> soon left partly due to clashes with <CEO>, The Times adds. And it gets worse. From the report:
“But when it came time to commit meaningful dollars to improve <COMPANY>’s security infrastructure, <CEO> repeatedly clashed with <CISO>, according to the current and former employees. She denied <COMPANY>’s security team financial resources and put off proactive security defenses, including intrusion-detection mechanisms for <COMPANY>’s production systems. […] But during his tenure, <CEO> also rejected the most basic security measure of all: an automatic reset of all user passwords, a step security experts consider standard after a breach. Employees say the move was rejected by <CEO>’s team for fear that even something as simple as a password change would drive <COMPANY>’s shrinking email users to other services.”
You can also replace:
<CEO> with <CIO>
<Dollar> with <Euro>
<password> with <firewall>, <backup system>, <controls>, <procedure>, <security team>, …