All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/) What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring. Thank to our episode sponsor, TrustMAPP. TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you're going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs. On this episode of Defense in Depth, you'll learn: We repeatedly joke about Davi Ottenheimer's comment that the CISO has held the moniker of "designated felon" in American risk mitigation. Big piece of advice that was repeated throughout the episode is to have an employment contract. In the employment contract you want an exit strategy that allows you to leave if you think a situation is not tenable or the company is asking you to do something that you believe to be unethical. It gives you an opportunity to leave without any blame assigned. The cc field is your friend. If you don't want to be seen as the only one "in the know" take advantage of making sure key people are also in the loop. We heard one unbelievable story of an employment contract where it was clear that the CISO would be the "designated felon" should there be any breach. This was put in place to protect the executive team. The contract offered financial security for two years post breach. We all agreed this was insane and had never heard of anything like that before. Be wary of being forced to take on personal ownership of security issues. A CISO is responsible, not accountable.
No persons identified in this episode.
This episode hasn't been transcribed yet
Help us prioritize this episode for transcription by upvoting it.
Popular episodes get transcribed faster
Other recent transcribed episodes
Transcribed and ready to explore now
3ª PARTE | 17 DIC 2025 | EL PARTIDAZO DE COPE
01 Jan 1970
El Partidazo de COPE
13:00H | 21 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
12:00H | 21 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
10:00H | 21 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
13:00H | 20 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
12:00H | 20 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana