Response to "Can a CISO Serve Jail Time?"
I just read a story titled Can a CISO Serve Jail Time? Having been Chief Security Officer (CSO) of Mandiant prior to the FireEye acquisition, I thought I would share my thoughts on this question. In brief, being a CISO or CSO is a tough job. Attempts to criminalize CSOs would destroy the profession. Security is one of the few roles where global, distributed opponents routinely conduct criminal acts against business operations. Depending on the enterprise, the offenders could be nation state adversaries largely beyond the reach of any party, to include the nation state hosting the enterprise. Even criminal adversaries can remain largely untouchable. I cannot think of another business function that suffers similar disadvantages. If a commercial competitor took actions against a business using predatory pricing, or via other illegal business measures, the state would investigate and possibly prosecute the offending competitor. For actions across national boundaries, one might see