Preparing a cybersecurity team for the never-ending onslaught of cyber threats takes a lot of work. Organizations that get it right make the appropriate technology investments, recruit qualified candidates, and clearly define their roles once they are onboarded. (ISC)2’s Building a Resilient Cybersecurity Culture study provides valuable insights about building and retaining an effective cybersecurity team. It all starts with a commitment from the top. When the CEO and board of directors are serious about protecting the organization and its people from cyber-attacks, the team is emboldened to do its job. Companies with a strong cybersecurity culture invest in both people and technology. For instance, 62% of study participants cited technology investment as an effective tactic to build a cybersecurity

The chief information security officer role hasn’t always gotten the respect it deserves. Research over the years has shown companies often treat their CISO primarily as a scapegoat for security incidents. But that may be changing – at least it is in organizations with a strong cybersecurity culture. New research by (ISC)2 shows the overwhelming majority of companies that properly staff their cybersecurity teams employ a CISO. The Building a Resilient Cybersecurity Culture study revealed that 86% of organizations that consider themselves adequately staffed with cybersecurity talent have a CISO. This is a substantially higher percentage than the 49% of companies overall with a CISO, according to other research. Cybersecurity Knowledge The finding points to the likelihood that a CISO

Name: Ana Ferreira Title: Doctor Employer: Center for Health Technology and Services Research (CINTESIS), Faculty of Medicine, University of PortoLocation: Porto, PortugalEducation: BSc in Computer Science, MSc in Information Security, PhD in Computer ScienceYears in IT: 20Years in cybersecurity and/or privacy: 16Cybersecurity certifications: CISSP, HCISPP    How did you decide upon a career in healthcare security and/or privacy? After I graduated in 1998, I went to work for a healthcare education institution as a researcher and IT specialist. After a few years, I realized that security and privacy, especially in the domain of healthcare, were crucial for the quality and protection of patient data. I decided to make a change and enter into information security and received a Master’s degree in