Bill Bonney is a security evangelist, author and publisher, currently serving as the President of CISO DRG, Inc., a publisher of practical guides for information security executives, written by practitioners. Prior to CISO DRG, Bill was Vice President of Product Marketing and Chief Strategist at FHOOSH (now UBIQ), a maker of high-speed encryption software. Prior to FHOOSH, Bill was the Director of Information Security and Compliance at Intuit, and then Vice President of Product Marketing and a Principal Consulting Analyst at TechVision Research.

Bill holds multiple patents in data protection, access and classification, and is a member of the Board of Advisors for CyberTECH, a San Diego incubator, and on the board of directors for the San Diego CISO Roundtable, a professional group focused on building relationships and fostering collaboration in information security management. Bill is a highly regarded speaker and panelist addressing technology and security concerns. Bill co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 and 2, which are considered among the leading books for CISOs and aspiring CISOs. He holds a Bachelor of Science degree in Computer Science and Applied Mathematics from Albany University.

Why I chose Cybersecurity as my field: I began my career in the “big iron” mainframe era, working for Sperry Univac and then a relational database company called Unify. After 15 years or so, I went into consulting and built a web design and development firm. While we were celebrating some milestones with a little vacation in Cabo San Lucas, the 9/11 terrorist attacks occurred. I took this very personally because one of my last clients at Sperry was Cantor Fitzgerald, the bond trading firm that was decimated by the attack. I made a vow to friends and colleagues that when I reentered the corporate world, I would don the white hat. I had a feeling that the next theatre for mindless destruction would be the cyber realm.

CISO Desk Reference Guide Books

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive and board relevant material from the two-volume set, and presents it in a concise form designed to educate the senior leadership team. The information is presented as a CISO’s eye view so the board or company executive can better understand the unique challenges the CISO faces and how to best support them.

Mastering Third-Party Risk

Helping you design a third-party risk management program that’s robust, forward-thinking, and exceeds mere regulatory compliance. This book empowers you to proactively manage risks, enhance your supply chain, and prepare for emerging threats.

Protect Your Business

The third book in the CISO Desk Reference Guide® small business series is Protect Your Business. Best for very small businesses, this book teaches the basics, how to secure your devices and not be a cyber sap. No jargon, no formal program (except when legally required) and nothing to get in the way of doing business. What the owner needs to know, and how to get it done!

Protect Your Practice

The fourth book in the CISO Desk Reference Guide® small business series is Protect Your Practice. Tailored for healthcare, legal, and financial professionals, this book adds a deep dive into data protection and privacy concerns. Still with no jargon, but recognizing formal programs are usually required. What the practice needs to know, without wasting valuable time!

Articles

Turn Your Company Into an Incubator for Cyber Talent

We started planning our first true getaway vacation since the start of the pandemic, but this vacation would have a bit of a twist. It would be the first time leaving our rescue pup behind. We had adopted Henry just before California’s first shutdown. We started thinking about which of our pet parent friends might be available to dog sit. It didn’t even occur to us to ask our closest friend, since she wasn’t a pet parent herself. This is often the case at our companies as well. We usually don’t think to look close to home, because members of our workforce who are not already on the security...


Our Progress in Cybersecurity Culture Is Improving, Now What’s Next?

Tricia Griffith, CEO of Progressive, the large insurance provider, said: “With the right people, culture, and values, you can accomplish great things.” [1] Several excellent analogies can be used to describe the global challenge we face in cyberspace. We can describe it as modern piracy, given the history of piracy impacting so many people while it was rampant, its criminal nature, and its use in proxy wars between the great naval powers of the 17th and 18th centuries. It could be thought of as similar to infectious disease, given how often software viruses are proximate to fraud and...


How Digital Natives Are Shaping the Future of Data Privacy

With the California Consumer Privacy Act (CCPA) going into effect on January 1, 2020, I think it’s timely to look at how digital natives may change the way we view data privacy altogether. If you were a toddler when Voyager 1 and 2 buzzed Saturn in 1980 and 1981 respectively, you are a digital native, as is anyone who came along after you. Maybe you started high school when email and file-sharing started going mainstream, and by the time you graduated, The New York Times had a homepage, at least one of your parents was likely online, and we, consumers at large, were beginning to experience...


Data Classification is the Key to Data Protection, Part I

“No, no!” said the Queen. “Sentence first – verdict afterwards.” “Stuff and nonsense!” said Alice loudly. “The idea of having the sentence first!” The value proposition for data is not in its protection (sentence), but in its use (verdict). In this series of articles, we’re going to explore an alternate value proposition for data classification and the benefits of thinking of data classification primarily as an enabler for using data rather than protecting data. In this first article, we’ll consider the fundamental reason that we want to classify data with this mindset. In the second article,...


How We Want Recruiters and Hiring Managers to Behave

Gary Hayslip, my good friend and partner, and co-author of our book: “CISO Desk Reference Guide,” just wrote what I think is a very courageous blog about a hurtful and confusing experience he had while exploring a job opportunity. It certainly struck a chord with me, so I thought I’d relate some of my thoughts as well. But first, I’d like to commend him on the vulnerability he showed in writing his article in the first person. When our leaders are willing to be vulnerable, we all grow. Thank you, Gary. Gary mentioned in his article, “Cyber Recruiting, the good, the bad and the not so...
