A Fireman? A Princess? How About a CISO?
As children, we don't dream of becoming a CISO, yet somehow we still have them. What can a security professional learn, or demonstrate, to show they are ready for the CISO position?
This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our guest is Paul Connelly, NACD-DC, former CISO, HCA Healthcare.
What don't CISOs know about physical security? CISOs who are about to become CSOs, covering both physical and digital security, must realize that they may never own physical security. That may remain the responsibility of facilities, who won't necessarily get along well with you, said Andy Ellis. Unlike digital security, with physical security people are constantly interacting with your physical controls. Another difference is that digital security is enterprise focused while physical security is local, said Paul Connelly.
How do I create the path to prove I can be a CISO? Security professionals usually start out technically and don't get the training a CISO needs, which is focused on business, communications, and risk management. To create your path, you need business mentors. Look to your peers who are stakeholders in other departments for that guidance, learn their motivations, and be empathetic to them.
How does a board behave differently once it's cybersavvy? Andy Ellis has said on the show that if the CISO is the only one educating the board about cybersecurity, the board can only make decisions based on the information it has already been given. There's now a push for more organizations to have some type of cyber talent on the board. When the board has more cyber knowledge, it can go deeper into the inner workings of a security program rather than take what the CISO says at face value.
Overcoming behaviors that are not becoming of a CISO. On CSO Online, Jaikumar Vijayan wrote a rather click-baity article entitled "5 ways to tell you are NOT CISO material." Those are:
Andy and Paul admitted that being risk averse and wanting to do it all were traits they themselves had, but needed to manage as they stepped into the CISO role.
Listen to the full episode here, over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Huge thanks to Mathew Biby, CISO of Gogo | Satcom Direct, for giving us this week's "What's Worse?!" scenario.
Thanks to our podcast sponsor, Nightfall AI
Best advice I ever got in security...
"The best advice for me was start with the mission of your organization and make sure that you're connecting your program to that mission. I've worked in healthcare the last 20 years, and it's all about taking care of patients, and my program ties to that." - Paul Connelly, former CISO, HCA Healthcare
Do RFPs Work?
"The reality is if you have a very specific thing that everybody knows what the details and specifications and attributes of that thing are, an RFP is great. Because, again, you're presuming there's a level playing field, that you're just buying widgets, and everybody's widgets are basically the same but you're trying to suss out what are the differences between the people selling you those widgets. That is just not the case at all in the security space." - Geoff Belknap, CISO, LinkedIn
Listen to full episode of "Do RFPs Work?"
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Richard Greenberg, CISSP distinguished fellow, ISSA International.
Thanks to our Cyber Security Headlines sponsor, Sonrai Security
Jump in on these conversations
"What am I protecting from at this point?" (More here)
"How common are unused accounts on active directory and should they be addressed?" (More here)
"What's a little-known fact about your profession that would make other people lose their s**t?" (More here)
AI Attacks Are More Frequent and More Tailored
We're going through a period of increased scrutiny around AI these days, and who knows whether regulations can be put in place to curtail its negative uses, but it's definitely not happening soon enough. Our information is being used against us just as it always has been, but thanks to AI it's happening at a higher rate. Phishing attempts against our platforms are now more frequent and carry messaging better tailored to the individual. An even more customized email blast, if you will.
In this sponsored guest interview with Patrick H., CEO, SlashNext, we discussed how phishing behaviors have changed.
HUGE thanks to our sponsor, SlashNext
Coming up in the weeks ahead on Super Cyber Friday we have:
Save your spot and register for them all now!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.
CEO | vCISO | Entrepreneur
1 yr This was a great podcast... the one thing that caught my attention though was your statement that you recommend maintaining the confidentiality of physical security logs from HR. Why?
Cybersecurity Leader (CISO/TechOps) | Board Member | Investor/Advisor | Author/Instructor | +18y (Sec)DevOps
1 yr lol, let the kidz know these three paths are not mutually exclusive. In fact we might be channeling all three in one day.
AI
1 yr Yes, they could make a movie about it! How the CISO catches the criminals stealing all the IP from the princess or something like that, haha
Founder/Product | AI/ML, Data Analytics
1 yr I believe CISOs are clutch performers, i.e. those who perform under pressure. But is it sustainable? https://www.dhirubhai.net/posts/8630749_cybersecurity-leaders-suffer-burnout-as-pressures-activity-7064660972329697280-5cuv
Emmy Award-Winning Storyteller Turned Cyber Defender
1 yr I LOVE this!