
Digital Guardian: What CISOs Should Be Aware Of (But Typically Aren’t)

Digital Guardian Came To DriveSavers For Cybersecurity Advice

Originally published by Digital Guardian.
By Ellen Zhang

The life of a CISO is a busy one and it can be easy for priorities to get lost in the shuffle. We’ve polled a group of CISOs and other security professionals to find out what CISOs should be aware of but likely aren’t.


The role of the Chief Information Security Officer (CISO) is a complex one, requiring the ability to regularly interface not only with other security professionals, but also with executives spanning every facet of the organization. CISOs are typically responsible for evaluating and implementing the right security tools, within budget, while ensuring that those solutions are properly consolidated (eliminating redundancies and wasteful spend) and are adequate to meet the company’s evolving security needs. Additionally, as CISOs are often tasked with overseeing security awareness training, the ability to communicate with all levels of staff in non-technical language is key. Beyond implementing security tools and facilitating communication, though, CISOs oversee every facet of an organization’s security, mandating the ability to see the forest for the trees: acute awareness of both big-picture and atomic-level risks, vulnerabilities, and security concerns is a must at all times. That’s where one of the biggest challenges lies for CISOs, and where the need for establishing an experienced, trusted, and reliable team becomes clear.

Without proper policies and procedures, a company's cybersecurity will be shattered

To gain some insight into common blind spots for CISOs and important considerations that CISOs should be aware of, but often aren’t, we reached out to a panel of CISOs and other security pros and asked them to answer this question:


Answer by Michael Hall

Michael Hall, DriveSavers Chief Information Security Officer, develops security protocols to handle critical data for corporations, government, and all DriveSavers customers. Hall has twenty-two years of experience in data security and data recovery.

“If a storage device fails…”

Resulting in lost or corrupted digital data, few organizations have the internal resources to recover that data – especially in the case of physical damage or electromechanical failure. The device must be sent to a third-party data recovery vendor. Company-owned devices often hold security-sensitive electronically stored information (ESI), including critical intellectual property (IP), financial databases, accounting files, e-mail exchanges, customer records, PCI, PII and PHI. Most of the data recovery industry does not meet best practice standards to ensure data protection through cybersecurity; therefore, data recovery service providers must be classified as high-risk vendors. If an organization does not perform due diligence before engaging the services of a data recovery vendor, it runs the risk of a data breach that will result in major financial and reputational damage.


Mike Cobb

Director of Engineering
Mike joined DriveSavers in 1994. He leads and supervises the R&D efforts for past, present, and future storage technologies, and manages the engineering department's day-to-day operations, including RAID, SAN, NAS, along with the physical and logical recoveries of rotational media, SSDs, smart devices, and flash media. Mike also advocates the continued training and certifications of the DriveSavers Data Recovery engineers. Mike has a B.S. degree in Computer Science from the University of California, Riverside.
