Cybersecurity expert Robert "RSnake" Hansen proposes a CISO code of ethics to combat industry corruption
By
Dark Reading Editorial Team
Summary
In this Dark Reading Confidential podcast episode, senior editor Becky Bracken interviews cybersecurity expert Robert "RSnake" Hansen about his controversial LinkedIn proposal for a CISO (Chief Information Security Officer) code of ethics. Hansen argues that the cybersecurity industry is plagued by unethical practices including kickbacks, no-show jobs, "dirty" venture capital, and shelf ware — where security products are purchased but never implemented. He makes the case that CISOs face unique ethical pressures due to their dual responsibilities to employers and the broader public, and that a formal code of ethics could help professionalize the role and protect whistleblowers. The conversation explores conflicts of interest, vendor relationships, regulatory capture, and the need for accountability in an industry where failures can have widespread societal consequences.
Source
Key quotes
· 5 pulledThe CISO role is uniquely positioned where you have a fiduciary duty to your employer, but you also have a moral duty to the public, and those two things are often in direct conflict.
We have kickbacks, we have no-show jobs, we have dirty VCs, we have shelf ware — products that are bought and never deployed. This is not a healthy industry.
A code of ethics isn't going to solve everything, but it gives us a baseline. It gives whistleblowers something to point to and say 'this is wrong.'
When a CISO signs off on a security product that doesn't work, or looks the other way on a vulnerability, the consequences ripple far beyond that one company.
The problem is that the incentives are all wrong. CISOs are incentivized to say everything is fine, not to tell the truth about the state of security.
You might also wanna read
AI Security Beyond Cybersecurity: Zico Kolter and Matt Fredrikson on Red-Teaming, Jailbreaks, and Safety Research
Zico Kolter (OpenAI board member, Safety & Security Committee) and Matt Fredrikson (CMU professor, CEO of Gray Swan) discuss AI security wit
Snyk Joins CISA's Secure by Design Pledge
Security Researcher Discovers Critical Data Vulnerability in Sports Insurer Portal, Faces Legal Threats Instead of Cooperation
A diving instructor and platform engineer discovers a critical security vulnerability in a sports insurer's portal during a dive trip, expos
Addressing Hiring Challenges in Cybersecurity: A Case Study
The article critiques the hiring practices in the cybersecurity industry, highlighting how companies contribute to the perceived talent shor
Developer discovers remote code execution backdoor hidden in fake crypto startup job offer on LinkedIn
A security-conscious developer receives a LinkedIn job offer from a recruiter at a crypto startup. Suspicious of the request to review a Git
Developer discovers remote code execution backdoor hidden in fake crypto startup job offer on LinkedIn
A security-conscious developer receives a LinkedIn job offer from a recruiter at a crypto startup. Suspicious of the request to review a Git

Comments
Sign in to join the conversation.
No comments yet. Be the first.