A CISO's Perspective: Michael Lines Shares How CISOs Can Succeed

Jun 4, 2019 11:47:00 PM

As a CISO, you constantly worry if today is the day you’ll have a security incident. It’s a common problem. There are huge expectations on you and your team, but the support from the business is not always in line with those expectations.

For today’s post, we interviewed cyber risk expert Michael Lines. Over the course of his 20-plus-year career focused on information security, Michael was the first global CISO at both FICO and TransUnion. Additionally, he served as global CISO for PricewaterhouseCoopers and D+H Ltd. Michael is currently a cyber advisor helping boards of directors and management teams address cyber risk. He took some time to talk to us and share his perspective on why organizations continue to fall victim to significant and damaging data breaches and fraud.

GroupSense: What are the biggest issues CISOs are facing today?

Michael Lines: The biggest challenge for CISOs and for the management of information security in general is the pace of change. The job of a CISO continues to evolve at an ever-advancing pace, and many CISOs are unprepared for all the responsibilities that the job today demands.

Fifteen years ago the security leader was a primarily technical position which grew out of network and systems administration. The role has evolved. Now the stakeholders the CISO is responsible for include the board, senior management, internal audit, legal, compliance, the business division and the IT organization. Add to that all the third parties the CISO has to interact with, negotiate with, report to and police for compliance.

To be a successful security leader today, a CISO must possess political savvy and prowess in addition to hard technology skills. A CISO must have the ability to communicate and educate the leadership team around a seemingly endless stream of issues, while at the same time, prioritizing those issues such that they do not come across as Chicken Little, constantly crying that the sky is falling. At the end of the day, the business exists to make money, and the CISO’s role is to educate the business on how this can be done while balancing the risks that could cause it to lose a significant amount of money due to fines, lawsuits and lost business.

GS: With all the advances in security technology, why do we continue to see so many successful breaches?

ML: For all the advances in security technology, business technology is advancing just as fast. IT budgets are exploding in major organizations as they pursue digital transformation - basically a wholesale shift in how companies acquire, service and monetize their customer relationships by embracing digital means to do so.

This in turn has been accompanied by a shift from the old school, in-house data center environment to the cloud, combined with new methods for creating and deploying business applications, including agile methods, virtualization, containerization, microservices, mobile enablement, and so on. The result is a mind-numbing mix of technologies scattered across the world. Where there used to be a few mainframe systems at the core running a handful of business applications, now there can be thousands of applications fragmented into a myriad of component parts, all of which have to be tuned and configured in order to work at all, let alone securely.

Businesses have enough trouble just keeping track of what they are running in production. Creating documentation has gone by the wayside - now the imperative is to see how quickly code can be released and evolved (the “throw it against the wall and see what sticks” model). However, in that rush to release, again what the CISO wants in terms of proper threat modeling often is done haphazardly if it’s done at all. I think we can see the devolution of this all in the increasing service outages plaguing major corporations.

GS: What is your advice on how CISOs can or should counter these trends?

ML: You have to start with risk. What are your real threats? How are they most likely to attack you? How vulnerable are you?

Don’t boil the ocean - the myriad demands on CISOs to meet all the business, management, third party and regulator requirements are prohibitive. To succeed, you have to pick and choose your battles and make the case for the investments you need to execute successfully.

Two decades ago, there were probably a hundred security vendors selling hardware and software to secure the enterprise. Today, there are thousands, with more popping up every day. This is another cause of stress for CISOs, as all of these vendors are pounding on their doors shouting that they have the silver bullet to solve all their issues. Here’s a news flash from someone in the trenches: THEY DON’T!

The end result is millions of dollars are wasted in partially-deployed implementations of technology that not only slow down the business, but also erode the credibility of the CISO when risk reduction promises are not met and the clamor to “fix the problem” goes unanswered. The result is that after an average of 18 months that CISO is out and a new one comes in with a new silver bullet solution or suite of solutions. Then it's off to the races again with more delays, more cost, more impact and no measurable reduction in reducing risk to the enterprise.

The worst thing a starting CISO can do is to say, we’re going to adopt Framework X - whether it’s NIST, ISO, ISF, take your pick - and fully implement it, saying, “Then we will be secure.” While these frameworks are useful, they need to be used in the context of what risk they are trying to reduce. To just implement them all is the IT equivalent of boiling the ocean. You will expend an enormous amount of energy - and money - for very little return. Instead, the CISO needs to focus on control efforts to address the most likely risks and means. You will spend far less and have a far easier story to sell to leadership on what you are doing and why.

GS: What can a CISO do today to achieve these goals and secure the enterprise against breaches, hackers and other threats?

ML: Maintaining customer trust when cyber fraud can happen without anyone ever entering your network is a tall order. Working in today’s open and collaborative environments, allowing third parties to access your networks, shadow IT, and employees as a threat vector means that you must sometimes knowingly allow sensitive data to leave the safety of your network. Additionally, you have to allow access to an increasing number of third parties. No technology on the planet can fully protect this data or know when it has been compromised.

To get a handle on what’s happening with data outside of the network, you need to get smart about using cyber intelligence to identify when that data is being misused and to get proactive about brand abuse.

GS: That sounds like a big job for anybody. Could you give us a basic breakdown of how a CISO would get started?

ML: Definitely! Start by identifying the threats that are most relevant to the business. What can you learn about the motives of the attackers that may target you? What means might they use to inflict harm? What gaps exist in the organization that are most likely to cause these means to be realized? What can you do from a people, process and technology perspective to address these gaps and the associated risks?

Any CISO needs to get ahead of threats and attacks by looking for evidence of them outside of their own network. A security team needs to be able to monitor for data already exposed and compromised credentials at a basic level. Add to that third-party breaches, especially supply chain breaches, and shadow IT and you’re starting to get a fuller picture. Wrap it up with knowing that any big company’s execs could be targeted at any time. Doxing and swatting have become shockingly popular and effective techniques for individuals looking to intimidate or otherwise inconvenience executives, celebrities and elected officials.

GS: Michael, thank you so much for your time. We appreciate your help in understanding more about better approaches to risk management. Where can people get more of your perspective on this issue?

ML: Thank you, it’s been fun. People can check out my blog at heuristicsecurity.com.

Reach out to GroupSense to find out more about how cyber intelligence can help you better understand, prioritize and communicate about the threats to your organization.

Topics: Blog

Written by Editorial Team