Greg Touhill was the first CISO of the US federal government. He spoke at Dark Reading’s inaugural INSecurity conference in Washington, DC. He shared his own lessons learned to kick off an event created to bring cyber defenders together so they can discuss problems and challenges. One of Touhill’s lessons was to avoid chasing fads, not buying new technology. Security teams identify risk and threats, protect against them, and often build response plans but rarely exercise them to practice for a real incident.”]
Source: https://www.darkreading.com/attacks-breaches/first-us-federal-ciso-shares-security-lessons-learned