Building a better CISO dashboard
How we built a CISO dashboard that provides a comprehensive security overview across products and company.
Bala Neerumalla
Head of Information Security at Coda
Challenges of a CISO and how to fix them.
The security community jokingly passes the below meme around from time to time, but I genuinely think there is some truth to this. While the rest of the C-suite can manage their responsibilities with just a few monitors, CISOs require many more to effectively oversee all aspects of security. With the CISO dashboard we built in Coda, we were able to significantly reduce the need for multiple monitors—metaphorically and literally.

Image by Meta PCS
- Progress on project executions.
- Latest industry security threats and events.
- Customer engagements with the security team.
- Security health of our services (service security).
- Security quality of our codebase (application security).
- Employee security awareness and device security.
Building a better CISO dashboard.
Because we work here, we have the luxury of knowing how good Coda is for creating really great team hubs that can act as a single source of truth. So then, while we’re familiar, we also thought it simply offered the best solution to our problems, in large part due to its ability to connect across services (more on that later). We ended up building a CISO dashboard that accomplishes the following:
- Highlights urgent tasks that require immediate focus.
- Facilitates direct communication within the document.
- Captures the security state of our production environment, security quality of our codebase and security project execution.
Team hub as a basis for rituals.
After developing our dashboard, the team and I then established “rituals” (clear, cadence-based activities that the entire team understands and may participate in) around the hub, including:
- A CISO daily debrief: I start every day by refreshing and reviewing the dashboard to identify urgent security tasks that need my attention. This allows me to shuffle my meetings and organize my day accordingly.
- Whichever engineer is on-call each day is tasked with paying attention to all red and yellow items, and handling them as a priority.
- During each exec and/or team meeting, we use the hub as our jump-off point for discussions and action planning.