Episode 5

Being An Effective Chief Information Security Officer (CISO)

Richard Biever, Chief Information Security Officer, Duke University, shares valuable insights on how to create an effective CISO function. In a wide-ranging and substantive discussion that touched upon key aspects of cybersecurity governance, Richard shared his philosophy and approach to a) building strong relationships, b) creating a strong sense of agency and ownership, c) communicating effectively, d) protecting against ransomware attacks, e) creating and sustaining a high-performance information security culture, and more.

Memorable Richard Biever Quotes/Statements

"Security is everybody’s responsibility and that is a culture that is really important to bring into an organization."

"Finding that balance of how the security function can be an enabler and a good partner within the organization."

"A lot of it is about telling a story, and I think cybersecurity has come a long way in that regard."


2:55 – What does it take to be an effective CISO?

5:33 – What mechanisms do you have in place to be an effective listener?

7:58 – How do you effectively communicate the dos and don’ts? How do you approach cybersecurity communication at your institution?

11:57 – How do you customize communication? What mechanisms are in place to do that?

15:08 – What are some steps and measures to protect against ransomware attacks?

21:00 – How can CISO’s help create and sustain a high-performance information security culture?

27:22 – When it comes to students, how are you able to build that kind of relationship where students have a sense of ownership?

31:17 – How do you ensure that academic departments and initiatives are taking the appropriate steps to minimize security risk exposure?

35:18 -- What is the single biggest hurdle that you face on a day-to-day basis? How do you cope with it?

39:40 – What performance measures do you track?

43:55 – Any final words of wisdom?

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

About the Podcast

Show artwork for The Cybersecurity Readiness Podcast Series
The Cybersecurity Readiness Podcast Series
with Dr. Dave Chatterjee

About your host

Profile picture for Dave Chatterjee

Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is tenured professor in the Management Information Systems (MIS) department, at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management – from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee’s research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.