Andy Ellis

Advisory CISO, Orca Security, and Contributing Writer

Andy Ellis is the Advisory CISO at Orca Security, and 2021 Inductee into the CSO Hall of Fame. He is an Operating Partner at YL Ventures, and was formerly a US Air Force officer and the CSO at Akamai Technologies. You can find him hosting the Cloud Security Reinvented podcast and on Twitter at @csoandy.

Software liability reform is liable to push us off a cliff

What the Uber verdict means to CISOs: You're (probably) not going to jail

CISOs and potential CISOs worried about criminal risk won't go to jail if they follow four simple steps.

TikTok resets the clock on security leadership

Roland Cloutier is stepping down as global CSO to become a strategic advisor to TikTok’s CEO. The clock is ticking on the CSO succession plan.

We don’t need another infosec hero

By setting yourself up as the defender, the solver of problems, you cast your business colleagues as hapless victims or, worse, threats. This is not a useful construct for engagement.

The cloud security emperor has no pants

“Shared responsibility” usually means that no one is responsible for minding the gap. Don’t fall in.

The security user experience (SUX)

Security processes that treat the very users we protect as unwanted burdens and alienate them in the process are a path to failure.

CISOs are still chiefs in name only

If you’re not in the meeting where decisions are made, then you’re not part of the C-Suite—whatever your title may be.

Drop the SBOM

Software bills of material are having a moment, but the costs of an externally visible SBOM are likely to outweigh the benefits, says Andy Ellis.

Vulnerabilities don’t count

No one outside the IT department cares about your vulnerability metrics (or they shouldn’t, anyway). They care about efficacy. And traditional stats don’t show that.