
Digital Guardian: What CISOs Should Be Aware Of (But Typically Aren’t)

Digital Guardian came to DriveSavers for cybersecurity advice

Originally published by Digital Guardian.
By Ellen Zhang

The life of a CISO is a busy one and it can be easy for priorities to get lost in the shuffle. We’ve polled a group of CISOs and other security professionals to find out what CISOs should be aware of but likely aren’t.


The role of the Chief Information Security Officer (CISO) is a complex one, requiring the ability to regularly interface not only with other security professionals, but with executives spanning every facet of the organization. CISOs are typically responsible for evaluating and implementing the right security tools, within budget, while ensuring that those solutions are properly consolidated (eliminating redundancies and wasteful spend) and are adequate to meet the company’s evolving security needs. Additionally, as CISOs are often tasked with overseeing security awareness training, the ability to communicate with all levels of staff in non-technical language is key. Beyond implementing security tools and facilitating communication, though, CISOs oversee every facet of an organization’s security, mandating the ability to see the forest for the trees – acute awareness of both big picture and atomic-level risks, vulnerabilities, and security concerns is a must at all times. That’s where one of the biggest challenges lies for CISOs, and where the need for establishing an experienced, trusted, and reliable team becomes clear.

Without proper policies and procedures, a company's cybersecurity will be shattered

To gain some insight into common blind spots for CISOs and important considerations that CISOs should be aware of, but often aren’t, we reached out to a panel of CISOs and other security pros and asked them to answer this question:


Answer by Michael Hall

Michael Hall, DriveSavers Chief Information Security Officer, develops security protocols to handle critical data for corporations, government, and all DriveSavers customers. Hall has twenty-two years' experience in data security and data recovery.

“If a storage device fails…”

Resulting in lost or corrupted digital data, few organizations have the internal resources to recover that data – especially in the case of physical damage or electromechanical failure. The device must be sent to a third-party data recovery vendor. Company-owned devices often hold security-sensitive electronically stored information (ESI), including critical intellectual property (IP), financial databases, accounting files, e-mail exchanges, customer records, PCI, PII and PHI. Most of the data recovery industry does not meet best practice standards to ensure data protection through cybersecurity; therefore, data recovery service providers must be classified as high-risk vendors. If an organization does not perform due diligence before engaging the services of a data recovery vendor, it runs the risk of a data breach that will result in major financial and reputational damage.


Mike Cobb, Director of Engineering and CISO
As Director of Engineering, Mike Cobb manages the day-to-day operations of the Engineering Department, including the physical and logical recoveries of rotational media, SSDs, smart devices and flash media. He also oversees the R&D efforts for past, present, and future storage technologies. Mike encourages growth and ensures that each of the departments and their engineers continues to gain knowledge in their field. Each DriveSavers engineer has been trained to ensure the successful and complete recovery of data is their top priority.

As Chief Information Security Officer (CISO), Mike oversees cybersecurity at DriveSavers, including maintaining and updating security certifications such as SOC 2 Type II compliance, coordinating company security policy, and employee cybersecurity education.

Mike joined DriveSavers in 1994 and has a B.S. degree in Computer Science from the University of California, Riverside.
