top of page

The New SEC Cybersecurity Rule: The Good, the Bad, and the Maddening Frustrations and Contradictions

CISOs discuss practical tactics to abide by the rules – and, incidentally, to better protect themselves and their companies

Learn what CISOs are saying about the new SEC cybersecurity rule

If you’re a CISO (or aspiring CISO), the new SEC cybersecurity rule is probably top of mind right now.


Of course, you can already find plenty of formal guidance from law firms and Big 4 consulting firms – but we wanted to learn what CISOs are telling other CISOs about it.


Beyond the legal intricacies and operational challenges – the 4-day deadline, materiality, IR processes, etc. – we also asked CISOs about how to navigate the personal liability and internal management nuances of complying with the SEC rule.


For this new SEC report written in collaboration with Evan Schuman, Contributing Writer for Dark Reading and CSO Online, we interviewed security leaders from diverse verticals, including:

  • Charles Blauner, former Global Head of Information Security for Citi

  • Mario Duarte, former VP of security for Snowflake

  • Selim Aissi, EVP & CISO for HealthEquity (former CISO for Ellie Mae)

The report also includes published comments from:

  • Joe Sullivan, former Uber CISO

  • Rex Booth, SailPoint CISO

  • Eric Gerding, SEC director of the corporate finance division


Check out the SEC report to hear these expert perspectives on how the new SEC rule raises the bar for cybersecurity transparency and assessing the material impact of incidents.


bottom of page