Bill Bonney is a security evangelist, author and publisher, currently serving as the President of CISO DRG, Inc., a publisher of practical guides for information security executives, written by practitioners. Prior to CISO DRG, Bill was Vice President of Product Marketing and Chief Strategist at FHOOSH (now UBIQ), a maker of high-speed encryption software. Prior to FHOOSH, Bill was the Director of Information Security and Compliance at Intuit, and then Vice President of Product Marketing and a Principal Consulting Analyst at TechVision Research.

Bill holds multiple patents in data protection, access and classification, and is a member of the Board of Advisors for CyberTECH, a San Diego incubator, and on the board of directors for the San Diego CISO Roundtable, a professional group focused on building relationships and fostering collaboration in information security management. Bill is a highly regarded speaker and panelist addressing technology and security concerns. Bill recently co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, which are considered among the leading books for CISOs and aspiring CISOs. He holds a Bachelor of Science degree in Computer Science and Applied Mathematics from Albany University.

CISO Desk Reference Guide Books

CISO DRG Vol 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO, experienced, new to the role, or aspiring, to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO DRG Vol 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

Case Studies

Threat Intel

Incident Management

Security Compliance

Be Your Own CISO

Articles

How Digital Natives Are Shaping the Future of Data Privacy

With the California Consumer Privacy Act (CCPA) going into effect on January 1, 2020, I think it’s timely to look at how digital natives may change the way we view data privacy altogether. If you were a toddler when Voyager 1 and 2 buzzed Saturn in 1980 and 1981 respectively, you are a digital native, as is anyone who came along after you. Maybe you started high school when email and file-sharing started going mainstream, and by the time you graduated, The New York Times had a homepage, at least one of your parents was likely online, and we, consumers at large, were beginning to experience...

Our Progress in Cybersecurity Culture Is Improving, Now What’s Next?

Tricia Griffith, CEO of Progressive, the large insurance provider, said: “With the right people, culture, and values, you can accomplish great things.” [1] Several excellent analogies can be used to describe the global challenge we face in cyberspace. We can describe it as modern piracy, given the history of piracy impacting so many people while it was rampant, its criminal nature, and its use in proxy wars between the great naval powers of the 17th and 18th centuries. It could be thought of as similar to infectious disease, given how often software viruses are proximate to fraud and...

How We Want Recruiters and Hiring Managers to Behave

Gary Hayslip, my good friend and partner, and co-author of our book: “CISO Desk Reference Guide,” just wrote what I think is a very courageous blog about a hurtful and confusing experience he had while exploring a job opportunity. It certainly struck a chord with me, so I thought I’d relate some of my thoughts as well. But first, I’d like to commend him on the vulnerability he showed in writing his article in the first person. When our leaders are willing to be vulnerable, we all grow. Thank you, Gary. Gary mentioned in his article, “Cyber Recruiting, the good, the bad and the not so...

Data Classification is the Key to Data Protection, Part I

“No, no!” said the Queen. “Sentence first – verdict afterwards.” “Stuff and nonsense!” said Alice loudly. “The idea of having the sentence first!” The value proposition for data is not in its protection (sentence), but in its use (verdict). In this series of articles, we’re going to explore an alternate value proposition for data classification and the benefits of thinking of data classification primarily as an enabler for using data rather than protecting data. In this first article, we’ll consider the fundamental reason that we want to classify data with this mindset. In the second article,...
