Building a better CISO dashboard

How we built a CISO dashboard that provides a comprehensive security overview across products and company.

Bala Neerumalla

Head of Information Security at Coda

IT · 4 min read
As a security leader myself, I know how frequently we get pulled in multiple directions, making it a challenge to stay on top of our responsibilities. Over the years, I’ve had my fair share of awkward situations that arose from not being 100% up to date, whether it was someone approaching me about a critical P0 security defect I didn’t know existed, or getting pulled into executive reviews of crucial security projects where I didn’t have the most up-to-date information, which led to delays in decision-making.

These challenges emphasized to me the need for a comprehensive dashboard that consolidates crucial security information from multiple sources into a single unified view and provides all the necessary insights about the critical aspects of our company’s security efforts. But because Chief Information Security Officers (CISOs) often have to rely on multiple dashboards across various products to supervise vital and time-sensitive tasks, it is difficult to stay on top of our responsibilities. I feel the absence of this unified view presents a big challenge in the industry today, one that my team and I used to face here at Coda. That is, until we developed a dashboard in Coda that offers a comprehensive security overview of a CISO’s responsibilities across products and company, allowing us to stay up to date and effectively manage our significant security tasks.

Challenges of a CISO and how to fix them.

The security community jokingly passes the below meme around from time to time, but I genuinely think there is some truth to this. While the rest of the C-suite can manage their responsibilities with just a few monitors, CISOs require many more to effectively oversee all aspects of security. With the CISO dashboard we built in Coda, we were able to significantly reduce the need for multiple monitors—metaphorically and literally.

Image by Meta PCS

Before building out our CISO dashboard, we wanted to make sure it tracked all the key information, so we laid out what we thought were the important aspects that should be incorporated, including:
  • Progress on project executions.
  • Latest industry security threats and events.
  • Customer engagements with the security team.
  • Security health of our services (service security).
  • Security quality of our codebase (application security).
  • Employee security awareness and device security.
However, as noted above, this information is usually spread across numerous products, making it difficult for us to identify the urgent tasks that security teams are working on, or should be working on. At Coda, for example, the security team works across AWS Security Hub (security patches and config vulnerabilities), OpsGenie (security alerts), HackerOne (bug bounty program), Intercom (customer interactions), and Snowflake (tracking abuse), as well as various Coda docs where we track the security team’s OKRs, bugs, and technical debt.

Like Coda, most companies tend to use different security products to manage their security, like Tenable or Qualys for patch/vulnerability management, Jira for defect and project management, or ServiceNow for the latest security incidents. The list goes on and on (and on). If you’re a fellow security leader, I’m sure you feel the pain of trying to stay on top of all of the above. It can feel impossible. But with Coda, we think we’ve found a better way.

Building a better CISO dashboard.

Because we work here, we have the luxury of knowing how good Coda is for creating really great team hubs that can act as a single source of truth. So while we’re familiar with it, we also thought it simply offered the best solution to our problems, in large part due to its ability to connect across services (more on that later). We ended up building a CISO dashboard that accomplishes the following:
  • Highlights urgent tasks that require immediate focus.
  • Facilitates direct communication within the document.
  • Captures the security state of our production environment, security quality of our codebase and security project execution.
We accomplished this by using Coda’s unique abilities to incorporate and sync data from a variety of sources, like the AWS Security Hub, HackerOne, Snowflake pack, Cross-doc and a few others (the first two are only internal for now, but stay tuned or reach out to us directly), into a single Coda doc.

Team hub as a basis for rituals.

After developing our dashboard, the team and I then established “rituals” (clear, cadence-based activities that the entire team understands and may participate in) around the hub, including:
  • A CISO daily debrief: I start every day by refreshing and reviewing the dashboard to identify urgent security tasks that need my attention. This allows me to shuffle my meetings and organize my day accordingly.
  • Whichever engineer is on-call each day is tasked with paying attention to all red and yellow items, and handling them as a priority.
  • During each exec and/or team meeting, we use the hub as our jump-off point for discussions and action planning.

Outcomes and customization.

After implementing the hub into our process, the security team and I have become much more productive and efficient. It cuts down on information hunting as well as tedious copy-pasting but, maybe most importantly, I only have to go to one place to feel like I have an overall view of Coda’s security situation. It has also cut down our response time to critical or severe events, making the larger Coda team more efficient. Every team is unique, but my hope is that a dashboard like this can help other security leaders and teams improve their processes as well. While the structure and components as we’ve built them may be useful for many CISOs, it isn’t a dashboard that is likely to serve all CISOs. But, because of Coda’s flexibility, one could take this dashboard template and customize it to their specific needs.

What will you include in your dashboard?

To help you get going, we created a CISO dashboard template that you can start with and modify according to your needs. Or, if you’re looking for a bit more assistance in customizing, please get in touch with our team who can help build it for you.
