All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Cybersecurity expert Robert "RSnake" Hansen proposes a CISO code of ethics to combat industry corruption

By

Dark Reading Editorial Team

12d ago· 39 min readen

Summary

In this Dark Reading Confidential podcast episode, senior editor Becky Bracken interviews cybersecurity expert Robert "RSnake" Hansen about his controversial LinkedIn proposal for a CISO (Chief Information Security Officer) code of ethics. Hansen argues that the cybersecurity industry is plagued by unethical practices including kickbacks, no-show jobs, "dirty" venture capital, and shelf ware — where security products are purchased but never implemented. He makes the case that CISOs face unique ethical pressures due to their dual responsibilities to employers and the broader public, and that a formal code of ethics could help professionalize the role and protect whistleblowers. The conversation explores conflicts of interest, vendor relationships, regulatory capture, and the need for accountability in an industry where failures can have widespread societal consequences.

Source

bskyCybersecurity expert Robert "RSnake" Hansen proposes a CISO code of ethics to combat industry corruptiondarkreading.com

Key quotes

· 5 pulled
The CISO role is uniquely positioned where you have a fiduciary duty to your employer, but you also have a moral duty to the public, and those two things are often in direct conflict.
We have kickbacks, we have no-show jobs, we have dirty VCs, we have shelf ware — products that are bought and never deployed. This is not a healthy industry.
A code of ethics isn't going to solve everything, but it gives us a baseline. It gives whistleblowers something to point to and say 'this is wrong.'
When a CISO signs off on a security product that doesn't work, or looks the other way on a vulnerability, the consequences ripple far beyond that one company.
The problem is that the incentives are all wrong. CISOs are incentivized to say everything is fine, not to tell the truth about the state of security.
Snippet from the RSS feed
Kickbacks, no-show jobs, "dirty" VCs, and shelf ware — industry expert Robert "RSnake" Hansen explains why he thinks it's time for a CISO code of ethics.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.