5 Tools Every CIO Needs To Know

It’s easy for technology leaders to be caught up with other high profile management priorities and cyber security is never on that list.  When we have deadlines and targets to be met, the first thing we tend to put aside is our knowledge and tools to help us improve our strategies.

How much time do we actually spend devoting our time to cyber security, out of 100% of our day a typical or average percentage specifically on cyber security is around 3%-5%.  Our daily priorities mean nothing if we aren’t growing and improving this rate significantly.

I always get asked frequently about my favourite security tools, so i’ve put together a list of suggested books that have helped me over the past 5 years:

Here are my current favourites:



Armitage allows you to analyse weak and vulnerable machines in a network with just a few clicks. The demonstrations are very convincing — compromised devices are depicted with a lightning chain and you then can use these devices as a “pivot point” to work your way to other devices, eventually moving closer to an intended target.



Hashcat is a fantastic password recovery tool, showing that the selection of a strong password must be done carefully. It allows us to demonstrate the ease with which a password can be recovered. Incorporate this password cracking tool in your arsenal to check the complexity of your company’s password policy.



WiFite is written in Python and runs on all platforms to test your WiFi security. All you need to supply is your WiFi interface and let WiFite do the rest. Verify that your corporate wireless networks are configured according to applicable security policies, and, better yet, identify any open and accessible network that can potentially be harmful in terms of phishing.



WireShark is probably the best tool when it comes to sniffing for and collecting data over a network. It has boosted its original capabilities with the support of several types of networks to validate filtering policies and the need for encryption. With Wireshark, we see you can see all the information that is exchanged on your network from broadcast traffic, including encrypted and unencrypted protocols that shouldn’t be used such as Telnet and FTP.



With SET, you can take charge of security awareness training without ruining your security budget. The team in charge of security audits can design attack scenarios and distribute them to targeted users. Maybe you want to send HR Manager Kerry the FY reports for the last fiscal year or Sales Manager David a potential quote for a new business opportunity? SET confirms users’ security perceptions within the company and validates the best awareness policy to deploy.

Meet Andrew Constantine

Andrew Constantine is an entrepreneur and a cyber security advisor who is changing the world of cyber security. He is the CEO of Australia’s largest community of technology and business executives.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *