I Wouldn’t Trust Everything You Read… On My Resume
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is David Nolan, VP, enterprise risk & CISO, The Aaron's Company, Inc.
How revolutionary (or not) is the White House’s National Cybersecurity Strategy? Mike Johnson said that publishing this document, which sets out clear plans and goals, is a big step forward. “It’s a strategy, not a step-by-step guide,” said Mike. John Overbaugh, CISO, ASG, read it as a wish list of good security practices, but nothing definitive. Most notable was the government’s call to “shift the burden” of cybersecurity to organizations best able to handle it. Isn’t that true of everything? But at the same time, hasn’t the cybersecurity industry been trying to impress upon others that cybersecurity is everyone’s issue?
NEWSFLASH! Cybersecurity professionals lie on their resumes. They add degrees and certifications they don't have. They omit degrees for fear of looking overqualified. And sometimes, they flat out invent jobs. But judging by the responses as to why people do it, it's because they're trying to get past the unnecessary barriers of cybersecurity hiring. Does that make the lying justified?
Should cybersecurity take risks in order to get a big “cyber payout?” The “payout” for cyber is innovation which could be a huge leap forward in your security program. But you often have to take risks to get there. David Nolan is very bullish on this concept. “If you approach innovation right you can try new things in small batch sizes, fail quickly, and modify or improve your approach from what you learn. A great example of the fail quickly method is in chaos engineering having a resilient approach that encourages trying new things. Even ‘breaking things’ can lead to big innovative gains,” said Nolan.
Do we really want an “AI engine” or do we want a “truth engine?” David Yaffe of Estuary said of ChatGPT, "Entire classes of problems can’t be solved by AI for years, until an architectural change is realized. We’ll be living in a world with tons of content, all with varying ‘resolution’ and ‘accuracy’ until then." I argue that improving that resolution requires trusting vetted sources. But that’s not necessarily going to get us to the truth, it’ll just get us closer and reduce falsehoods.
Listen to the full episode here or over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to all our other contributors (witting and unwitting): Sharma Gotham of AccessCyber and David Murray, CISO, Enact Mortgage Insurance.
Huge thanks to our sponsor, Varonis
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
TOMORROW [5-3-23] BSidesNOLA 2023 and CISO Series Podcast – It’s Happening!
Here’s a little preview of what’s going to happen at BSidesNOLA 2023. This is going to be a star-studded cyber nerd event with Winn Schwartau and BSides co-founder Jack Daniel. We’ll be doing a live audience recording of CISO Series Podcast with my former co-host, Allan Alford, CISO of Precedent and host of The Cyber Ranch Podcast, and Mike Woods, corporate CISO, GE.
WHEN: May 3, 2023 (BSidesNOLA 2023 is a full day event. We’ll be closing out the fun at 3:20 PM ET.)
WHERE: Hyatt Centric French Quarter New Orleans (800 Iberville Street, New Orleans, Louisiana, 70112)
>> REGISTER HERE <<
HUGE thanks to our sponsors: Conveyor, Nightfall AI, Rapid7
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Allison Miller, cybersecurity and technology executive.
Thanks to our Cyber Security Headlines sponsor, Trend Micro
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.
Great dad | Inspired Risk Management and Security Professional | Cybersecurity | Leveraging Data Science & Analytics. My posts and comments are my personal views and perspectives but not those of my employer
1 yr
Love the discussions on the topics of cyber strategy and AI today. For the strategy, I agree this is a very positive step from the government to align all sectors in cybersecurity. It will need more revisions and adjustments for sure and making sure the right people/sectors are contributing. This is a must, not because industries do not know the importance of security, but they have to understand the negative impact on the economy and safety of our people in this country. For AI, this is just too early to make a judgment. The ethical side is that the AI is still created and fed by humans who are biased and make mistakes. The perfect or trustworthy AI is light years ahead … if ever
Cybersecurity Educator | Investor | Mentor
1 yr
Thanks for the shoutout, David Spark and Mike Johnson! Appreciate you sharing AccessCyber research with your listeners.