Can’t You Just Pop Out of Zeus’ Head a Fully Formed Security Professional?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our guest is Dr. Joe Lewis, CISO, Centers for Disease Control and Prevention.
We discussed the following:
We’re going to lose more CISOs if they don’t get some support. This was the warning from Dan Maslin, group CISO at Monash University (Australia). Are CISOs in such a dire situation of being poorly understood and appreciated that they’re ready to just leave the profession?
“If you have to educate somebody every single time you bring a new risk to them, you run a different risk which is the moment you start to talk about the risk, people use whatever their current understanding is to make a decision about it,” said Andy Ellis. The reason we need cyber literacy is so they have references to draw on to be able to make a decision.
How important is it for a security vendor to publish pricing on the web? Lesley Carhart of Dragos, Inc. is frustrated when she’s interested in a product but can’t find pricing. Unless it’s a self-service SaaS vendor, most B2B vendors don’t publish their pricing (and apparently Dragos doesn’t either. I couldn’t find pricing on their site). While we don’t think pricing is necessary, we do think it’s critical to provide lots of information, such as a video demo, so the security buyer can do their own research.
Companies want to hire security professionals who already know everything. "The military will take an 18-year-old and turn him or her into a soldier in 16 weeks. They will continually train that soldier over the course of their employment," said Chuck M. of Fortress Security Risk Management. The problem is that corporations in dire need for cybersecurity help have little to no means to train. They're just hoping new hires will show up perfect and ready to fight in a digital war. If cyber training were more institutionalized within organizations, as it is in the military, businesses wouldn’t find themselves in this perpetual need to hire already-skilled professionals.
What we don’t know just makes cybersecurity that much more difficult. The asset management industry has been living off the well-understood and accepted mantra of “you can’t protect what you don’t know.” But “the not knowing” also adds complexity to your security program. “How much do unmanaged assets slow down your incident response and vulnerability management process?” asked Steven Palange of TLIC Worldwide, Inc.
Listen to the full episode over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
And thanks to Osmond Young (pseudonym) for supplying this week’s “What’s Worse?!” scenario.
HUGE thanks to our sponsor, Cyolo
What I love about cybersecurity...
"It really is a place for everybody. As an industry, we attract people like boxers and nurses and people from IT Ops and Audit and all kinds of really interesting places, and as a result, we get some of the best people." - Joe Lewis, CISO, CDC
How to Always Make a Business Case for Security...
"[M]any CISOs in companies have an important responsibility, but unfortunately they don’t have the authority. And they’re expected to do great things for the business. They’re expected to protect the business. They’re expected to create processes to mitigate or eradicate risks. They’re expected to implement things that affect the entire organization. But then they get a lot of pushback because the people and the company’s buy-in that they need, they don’t have the authority to implement it." - Sravish Sridhar, founder and CEO, TrustCloud
Listen to full episode of "How to Always Make a Business Case for Security"
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines Week In Review with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Steve Zalewski, host of Defense in Depth.
Thanks to our Cyber Security Headlines sponsor, Tines
[5-3-23] BSidesNOLA 2023 and CISO Series Podcast – It’s Happening!
Here’s a little preview of what’s going to happen at BSidesNOLA 2023. This is going to be a star-studded cyber nerd event with Winn Schwartau and BSides co-founder Jack Daniel. We’ll be doing a live audience recording of CISO Series Podcast with my former co-host, Allan Alford, CISO of Precedent and host of The Cyber Ranch Podcast, and Mike W., corporate CISO, General Electric.
WHEN: May 3, 2023 (BSidesNOLA 2023 is a full day event. We’ll be closing out the fun at 3:20 PM ET.)
WHERE: Hyatt Centric French Quarter New Orleans (800 Iberville Street, New Orleans, Louisiana, 70112)
>> REGISTER HERE <<
HUGE thanks to our sponsors: Conveyor, Nightfall AI, Rapid7
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.
Technical Director, Strategic Alliances, API Security Expert at Noname
1 yr: Yes, one can be born whole and complete.
Governance, Risk, Compliance (GRC) Executive, Building IPO-Proof GRC
1 yr: Props on Ancient Greek mythology! And great content as always.
Helping you reduce cyber risk faster through Zero Trust Architecture.
1 yr: Take my statement published in the article at face value. But understand the context. Your statement that every corporation, "while in dire need for cybersecurity help, [has] little to no means to train," but they DO, in fact, have the ability to train and/or leverage organizations who employ highly trained and experienced workers in cybersecurity. They just choose not to. Corporations are short-term overachievers. "What have you done for me this month, week, day, hour, minute?" They have been drugged by the tyranny of the profit center. Investing in people is the long play, but they're not interested in that. At all. Leadership STILL believes InfoSec is a line item on the IT budget. Absurd. Still reports to the CIO. Really? Remember the story of the fox and the hen house? Yeah, that's it. Most Boards of Directors still don't have significant representation from a strong cybersecurity/GRC angle. Once the BoD understands that THEY are responsible for data protection, things might change. But I doubt it.