Michael S. Oberlaender - PREMIER CISO

It's a great pleasure and honor to be again quoted in the The Wall Street Journal (WSJ) as experienced CISO and subject matter expert about the U.S. Securities and Exchange Commission (SEC)'s materiality handling and communication of last week - #CyberSecurity #InformationSecurity #InfoSec #CyberSec #Security #Regulation #Materiality #Board #BoD #BoardofDirectors #Communication #SpeakTruthToPower #Integrity #Transparency #Executive #Leadership #LeadershipByExample
Link to the… Show more

It's a great pleasure and honor to be again quoted in the The Wall Street Journal (WSJ) as experienced CISO and subject matter expert about the U.S. Securities and Exchange Commission (SEC)'s materiality handling and communication of last week - #CyberSecurity #InformationSecurity #InfoSec #CyberSec #Security #Regulation #Materiality #Board #BoD #BoardofDirectors #Communication #SpeakTruthToPower #Integrity #Transparency #Executive #Leadership #LeadershipByExample
Link to the interview:
https://www.wsj.com/articles/materiality-definition-seen-as-tough-task-in-new-sec-cyber-rules-314b4626 Show less

I'm honored to be quoted by the The Wall Street Journal as experienced CISO and industry leader and cybersecurity expert about the Security Exchange Commission's decision about the new cybersecurity rules becoming effective as of December 2023. Here is the link to the article:
https://www.wsj.com/articles/cyber-experience-on-boards-still-seen-as-critical-in-new-sec-rules-937702bd

It was a great #honor and true #pleasure to #moderate this fantastic #Executive #CISO #panel at the Data Connectors Cybersecurity Community #Houston 2024 #conference! We had a lot of fun - it's visible throughout the shared images. Thanks to all our attendees, and thanks to Dawn Morrissey for organizing the conference, and thanks to my panelists Doug Jaworski Jon Garza, CISSP, MSM James Morrison, FBI Cyber (Ret), CISSP, MBA, Veteran for sharing their #insights and answering all my #questions… Show more

It was a great #honor and true #pleasure to #moderate this fantastic #Executive #CISO #panel at the Data Connectors Cybersecurity Community #Houston 2024 #conference! We had a lot of fun - it's visible throughout the shared images. Thanks to all our attendees, and thanks to Dawn Morrissey for organizing the conference, and thanks to my panelists Doug Jaworski Jon Garza, CISSP, MSM James Morrison, FBI Cyber (Ret), CISSP, MBA, Veteran for sharing their #insights and answering all my #questions. We covered a lot - and I steered the ship (the German Physicist 😎 in me) to perform precisely and exactly on time. Thank y'all!
Thanks also for all coming by my booth to get signed #copies of my latest #books! Such a great fun #event! Show less

Served as KEYNOTE speaker and Global Cybersecurity Industry Leader

You can watch the recorded session here: https://youtu.be/hkM-UBwUPp4

It's a great honor to be quoted as 8x CISO, industry leader, and subject matter expert on cybersecurity by the great Evan Schuman for CSO Online. In this new article about the FCC settlement with T-Mobile on their triple data breaches we cover topics from regulators imposing minimal fines versus those in the EU, the minimum approach for cybersecurity in the US (just doing the basics like MFA and ZTNA, Asset inventories, etc.) and the failing security grade that leads to these hacks / data… Show more

It's a great honor to be quoted as 8x CISO, industry leader, and subject matter expert on cybersecurity by the great Evan Schuman for CSO Online. In this new article about the FCC settlement with T-Mobile on their triple data breaches we cover topics from regulators imposing minimal fines versus those in the EU, the minimum approach for cybersecurity in the US (just doing the basics like MFA and ZTNA, Asset inventories, etc.) and the failing security grade that leads to these hacks / data breaches. My new book (PREMIER CISO - BOARD & C-SUITE: RAISING THE BAR FOR CYBERSECURITY) is also mentioned and referenced! It's an honor to have been quoted again. Show less

Honored and humbled to be quoted again in this master piece in CSO Online by Evan Schuman about the SEC legal actions and how CISOs and CSOs can prepare and defend themselves in light of these new risks of alleged liabilities. Thanks for sharing some of my advice with the C(I)SO community. This is a developing situation and will need to be tackled as such. There is no good way currently, so one has to play the cards one has been dealt. #InfoSec #CyberSecurity #Security #Leadership… Show more

Honored and humbled to be quoted again in this master piece in CSO Online by Evan Schuman about the SEC legal actions and how CISOs and CSOs can prepare and defend themselves in light of these new risks of alleged liabilities. Thanks for sharing some of my advice with the C(I)SO community. This is a developing situation and will need to be tackled as such. There is no good way currently, so one has to play the cards one has been dealt. #InfoSec #CyberSecurity #Security #Leadership #ThoughtLeadership #LessonsLearned #CyberWar #CyberCrime #Lawsuits #CISO #CSO #CEO #CLO #CRO Show less

I had the pleasure of being interviewed by Evan Schuman, for Computerworld, about an important issue that CISOs and CIOs face alike: overpromised and underdelivered vendor claims. Read it here:
"Forrester asks a forbidden question: Are vendors lying or do they believe their own hype?"
Link: https://www.computerworld.com/article/3707468/forrester-asks-a-forbidden-question-are-vendors-lying-or-do-they-believe-their-own-hype.html

It was a great honor and pleasure being interviewed and quoted for this outstanding piece by Evan Schuman. This article summarizes the views from multiple CyberSecurity & InfoSec industry leaders and luminaries on the recent Microsoft Azure and O365 breach. Here is the direct link to the ComputerWorld article:
https://www.computerworld.com/article/3704132/has-microsoft-cut-security-corners-once-too-often.html

I had the pleasure to be interviewed and featured by HelpNetSecurity about the CISO role and how to strike the balance between cybersecurity and operational efficiency. The article provides key insights in the strategic and operational challenges a CISO will face and how to leverage tactical business opportunities to advance your long term security strategy. It further advises organizations how to build cybersecurity strategy from scratch and how to align their cybersecurity strategies with… Show more

I had the pleasure to be interviewed and featured by HelpNetSecurity about the CISO role and how to strike the balance between cybersecurity and operational efficiency. The article provides key insights in the strategic and operational challenges a CISO will face and how to leverage tactical business opportunities to advance your long term security strategy. It further advises organizations how to build cybersecurity strategy from scratch and how to align their cybersecurity strategies with national and international cybersecurity frameworks and guidelines. And it refers to my newly published book "PREMIER CISO: BOARD & C_SUITE: RAISING THE BAR FOR CYBERSECURITY" so people can leverage that expert content as it will help them with these tasks and decisions in the future. Show less

Dear C(I)SO and also greater InfoSec / Cybersecurity community,
I'd like to share this BRANDNEW podcast about the recent #SEC charges against the #CISO of #Solarwinds and what this means from the #CSO #CISO perspective and what the potential #ramifications and #impact this might have on the #Cybersecurity #Security #InfoSec #industry and #landscape. Chirag D Joshi and myself did this last Friday night (#Houston time) and hopefully this gives a good insight and guidance, and also leads the… Show more

Dear C(I)SO and also greater InfoSec / Cybersecurity community,
I'd like to share this BRANDNEW podcast about the recent #SEC charges against the #CISO of #Solarwinds and what this means from the #CSO #CISO perspective and what the potential #ramifications and #impact this might have on the #Cybersecurity #Security #InfoSec #industry and #landscape. Chirag D Joshi and myself did this last Friday night (#Houston time) and hopefully this gives a good insight and guidance, and also leads the Security Exchange Commission to adapt its recently changed new rules further as to include board cybersecurity expertise requirements, and, for the charges, to hold first and foremost those at the true top of the organization accountable.
#Leadership #ThoughtLeadership #LeadingbyExample #LeadingChange #SecurityIndustry #Legalcommunity #Legal #CEO #CRO #CLO #GC #CIO #CTO #CXO #CMO #CFO #compliance #riskmanagement #risk #riskandcompliance #riskreduction #riskculture #SecurityCulture #Culture
WATCH: https://www.youtube.com/watch?v=X2ZSkOY2xkE Show less

It was a great honor and pleasure to speak at the NMFTA cybersecurity conference on the topic of cyber and API security and share some expertise with the audience; the event was a great success and below are some links of the media / press cover stories listed, as well as the slide deck.

I was speaking at the ISACA GHC annual general meeting (AGM) and cybersecurity conference on 10/06/2023 in the cybertrack:
https://web.cvent.com/event/4ef5071f-a3ca-4b6c-af3d-80823600f883/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce

See below / self explanatory.

I was asked and interviewed by The Cyberexpress publication to share some of my insights about cybersecurity and its standing in the industry for the security awareness month of October 2023.
Please read it here in this link: https://thecyberexpress.com/importance-of-ceo-cybersecurity/

It was my great honor and pleasure to serve at the Houston Technology Summit 09/21/2023 in multiple capacities - as book author I did a signing event and as panelist I shared some of my expertise with the audience, for example on how to build, retain, and develop cyber security talent and how to develop and execute your security strategy, roadmap, and how to protect an organization from current and future threats (see more details on both… Show more

It was my great honor and pleasure to serve at the Houston Technology Summit 09/21/2023 in multiple capacities - as book author I did a signing event and as panelist I shared some of my expertise with the audience, for example on how to build, retain, and develop cyber security talent and how to develop and execute your security strategy, roadmap, and how to protect an organization from current and future threats (see more details on both below).
https://eitevents.com/houston_events/ciso-book-signing/ - gives you more details.
https://eitevents.com/houston_events/ciso-roundtable-strategies-for-future-proofing-your-security-team/
Following Introductions, this CISO led panel will briefly discuss the challenges brought about involving the hybrid workforce due to the covid pandemic. Then Panelists will transition into the following current & future-looking topics:
The Importance of Adopting a Prevention First Approach
Strategies for Securing the Software Supply Chain (both internally and with focus on your customers & suppliers)
Simplifying Security Processes for Long-Term Sustainability
Disrupting Disinformation & Social Engineering Campaigns
Mitigating Risk from 3rd Party Vulnerabilities
Preparing for a Compromise of a Cloud Services Provider
Hiring and Retaining Top Talent
Adopting and combating AI/ChatGPT Show less

I had the honor being interviewed by Girac D Joshi for his podcast Art of Cyber Security about security leadership (and how to become one); Global CISO learnings on strategy and tactics (as described in my books); some practical examples on team building and mentoring your teams; building and transforming the security culture of an organization or enterprise; risks and benefits of AI in security; and the current and evolving regulatory landscape for CISOs. You can watch the video here (link):… Show more

I had the honor being interviewed by Girac D Joshi for his podcast Art of Cyber Security about security leadership (and how to become one); Global CISO learnings on strategy and tactics (as described in my books); some practical examples on team building and mentoring your teams; building and transforming the security culture of an organization or enterprise; risks and benefits of AI in security; and the current and evolving regulatory landscape for CISOs. You can watch the video here (link): https://youtu.be/F3ljNTgg9fY Show less

Great pleasure and honor to speak and present to the CIO community at CIO Professional Network about the subject "Succeeding in InfoSec and CyberSecurity" - the session was well attended by CIOs and other tech leaders and really great interaction / both during the session and Q&A.
https://www.linkedin.com/posts/mymso_cios-infosec-cybersec-activity-7055238200449007616-iRYm/

It was my great pleasure serving as CISO panelist and #CSO #CISO #CIO #CTO #expert at yesterday's @ISACA #ISACA #GreaterHoustonChapter #GHC Tuesday #webinar to give #career #advice and #careerguidance from my 8 times #CISO #perspective. #CyberSecurity #Careerpaths. Slide deck is here: https://custom.cvent.com/A77CC2AEB9C44E4AA8FD5414658DC55B/files/d7faaec8401a4d8b9f4fcefca9b7b337.pdf

It was a great pleasure and discussion when I chaired the CISO roundtable at the Texas Technology Summit - we had a great group of CISO participants from different industries, public sector, and other leaders to focus on the subject how to prepare the organizations for the future... chat bots, nation state threat actors, crime groups, how to influence the board and funding, how to create a security culture, and what steps to take to prepare the work force. Hint: it's not only awareness, but… Show more

It was a great pleasure and discussion when I chaired the CISO roundtable at the Texas Technology Summit - we had a great group of CISO participants from different industries, public sector, and other leaders to focus on the subject how to prepare the organizations for the future... chat bots, nation state threat actors, crime groups, how to influence the board and funding, how to create a security culture, and what steps to take to prepare the work force. Hint: it's not only awareness, but also continued education, training, and more. Show less

I thoroughly enjoyed authoring and presenting my new session "PCIP - Putting Certifications Into Perspective" at the ISACA Greater Houston Chapter webinar on 03/28/2023. More than 150 participants joined my talk and we had an interactive discussion as well as know-how and experience sharing to educate other people in the security, privacy, audit, risk, and compliance space. I explained how to prepare for a long term strategic career, which steps to take and what to focus on, including, but… Show more

I thoroughly enjoyed authoring and presenting my new session "PCIP - Putting Certifications Into Perspective" at the ISACA Greater Houston Chapter webinar on 03/28/2023. More than 150 participants joined my talk and we had an interactive discussion as well as know-how and experience sharing to educate other people in the security, privacy, audit, risk, and compliance space. I explained how to prepare for a long term strategic career, which steps to take and what to focus on, including, but not limited to, certifications, trainings, new projects, and how to build trust and a great story. I walked through several of the leading training and certification bodies and compared them to each other, putting things into perspective. Show less

It was a great pleasure and honor being interviewed as global industry leader and 8-times CISO CSO by Joseph Harisson on the SecDevOps blog about this very important topic for the security and software industry as a whole: a new paradigm to improve the SDLC by integrating InfoSec and CyberSecurity into the new SSDLC (Secure-SDLC) and addressing the problem by shiftleft to do it better, faster, and cheaper (!). You can read it here: https://itcompanies.net/blog/what-is-secdevops - enjoy!

It was a great pleasure and honor speaking and sharing some of my expertise at the CISO panel (Cyber Executive Roundtable) and also do a book signing of my latest book while at the Data Connectors Conference in Houston, January 26th, 2023: https://dataconnectors.com/speakers/michael-oberlaender/

As global industry leader in the cybersecurity space and longtime CISO it was my pleasure moderating the CISO panel with the subject "Creating a Culture of Organizational Resilience". Guiding the discussion on all aspects from culture change, BCP & DR, BIA, BPA, board communication, risk appetite / tolerance, cyberinsurance, governance, organizational change management, over lessons learned in IR, red team, blue team, purple team exercises, EDR, XDR, EPP, VPN, MFA, up to defense-in-depth… Show more

As global industry leader in the cybersecurity space and longtime CISO it was my pleasure moderating the CISO panel with the subject "Creating a Culture of Organizational Resilience". Guiding the discussion on all aspects from culture change, BCP & DR, BIA, BPA, board communication, risk appetite / tolerance, cyberinsurance, governance, organizational change management, over lessons learned in IR, red team, blue team, purple team exercises, EDR, XDR, EPP, VPN, MFA, up to defense-in-depth, security/resiliency-by-design, and cloud adoption we covered a lot during that hour. The room was packed / overcrowded and I made sure everything was delivered precisely on time and focused on the topic (imagine, with 5 leading CISOs on a podium...). After the session I also did a book signing - we had a lot of fun together! Here is the video recording of the session: https://www.youtube.com/watch?v=8_VGldqR-Tg Show less

It was an honor to serve as panelist on the Cyber Executive Roundtable at the Data Connectors CyberSecurity Conference in Houston on April 27th, 2022. Providing my subject matter expertise and thought leadership to serve the global cyber security community. Sharing some success stories and how to prevent the data breaches or to reduce their impact.

I had the pleasure to chat with Anna Delaney on authentication challenges and how to overcome them, sharing some insights on password handling, and what the future might entail.
Here is the link to the interview:
https://www.bankinfosecurity.com/authentication-methods-to-support-permanent-remote-workforce-a-16604

Listen in to my radio interview on the VoiceAmerica network and TF7 Radio with host George Rettas about "What is the Current State of Cyber Security" and my newly published book - https://www.voiceamerica.com/episode/123636/task-force-7-ep135-monday-may-18th-2020

Security Magazine's Editor-in-Chief, Maggie Shein, has interviewed me and reviewed my book to share with her readers. It's covered in the "Security Talk" as first article, right where the actual content starts, under the heading: "Step-by-step strategy for the CISO". It went live on January 6, 2021. Link: "https://www.securitymagazine.com/articles/94308-step-by-step-strategy-for-the-ciso"

https://bit.ly/3jBJ3Zr
This session introduces and discusses some of the concepts of Michael’s new book and exemplary shares some details about the content... Focused topics will include:
· Current trends and observations in data breaches (DBIR with trends);
· International perspective – GDPR focus, explaining core concepts with a European view on privacy;
· Data security and risk governance (ISMS, IS governance board, policy process);
· Example of the core security processes… Show more

https://bit.ly/3jBJ3Zr
This session introduces and discusses some of the concepts of Michael’s new book and exemplary shares some details about the content... Focused topics will include:
· Current trends and observations in data breaches (DBIR with trends);
· International perspective – GDPR focus, explaining core concepts with a European view on privacy;
· Data security and risk governance (ISMS, IS governance board, policy process);
· Example of the core security processes (incl. Strategy / Program development, Vulnerability Management, Threat intelligence, and Patching);
· Q&A. Show less

https://open.spotify.com/episode/2eliJZbNrQtfF9c72dyZzn?si=87d548cf18cd4cb3&nd=1

https://www.iheart.com/podcast/269-privacy-please-68515822/episode/ep-37-michael-oberlaender-72078285/
In this podcast that is hosted by Cam and Gabe from the Privacy Please Podcast we talk about being at the security helm of an organization, what characteristics are important, what things to do and which treats to develop. We're also covering some things from my book such as the back story on GDPR and privacy laws in Europe, why these came up and what is important. Lots of fun and also… Show more

https://www.iheart.com/podcast/269-privacy-please-68515822/episode/ep-37-michael-oberlaender-72078285/
In this podcast that is hosted by Cam and Gabe from the Privacy Please Podcast we talk about being at the security helm of an organization, what characteristics are important, what things to do and which treats to develop. We're also covering some things from my book such as the back story on GDPR and privacy laws in Europe, why these came up and what is important. Lots of fun and also sharing some insights what makes a great CISO and how to spend $100 wisely. Enjoy! Show less

https://www.complianceonline.com/resources/interview-with-michael-oberlaender-practical-lessons-for-cisos.html
ComplianceOnline has interviewed me about my career, some of my advice on how to follow in my foot steps, and what core security controls should be addressed by every CISO.

https://www.securitymagazine.com/articles/91653-the-changing-role-of-the-ciso

Helping with selection of speakers, vendors, agenda etc.

Served on the panel about Privacy and Security as CISO and GDPR privacy expert. Explaining the impact and entanglement between GDPR and other regulations with security and how to solve common misconceptions.

An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Details: http://www.ten-inc.com/ise/central/schedule.asp -> Wednesday, May 16, 2018

Served on a CISO panel to advise sales and marketing leaders how to approach (and later sell) to the C(I)SO - see photos: https://www.flickr.com/photos/iseprograms/41500329432/in/album-72157694008181751/

CSO / CISO Expert Panelist on the subject of security, privacy, compliance, regulation (GDPR), and how we tie it all together in today's hyper connected world.
http://texas.technologysummit.net/ - see session 3:00 pm - 4:00 pm (Main Stage)
http://texas.technologysummit.net/Speaker/Michael_Oberlaender.html

Supporting the Texas Technology Summit again to foster innovation, security leadership and local business.

Selected on the executive advisory council again for SecureWorldExpo:

http://www.secureworldexpo.com/houston/advisory-board

Panel Discussion: How Your IT Culture Affects Your Ability to Innovate

02/09/2016

Safe Harbor Down, but Not Out? What is Next?

- Panel discussion at the ISACA Greater Houston chapter on 12/14/2015.

Panel discussion: Communicating Information Security to the Board and Executive Management

02/11/2015

CSO panel during the CIO Perspectives event in Houston

Played key CISO role in “Managing A Cyber Attack" Sutherland Asbill & Brennan LLP panel.

Moderated the CISO panel on the 09/11/2014

Presented and lectured the ½-day seminar, 06/20/2014 in Houston, TX: "C(I)SO - And Now What".

Some parts of my recent book "C(I)SO – And Now What? How to Successfully Build Security by Design" --> How to Build Security in an Organization.

How to Build Security in an Organization