Stir in a Little Merger and Acquisition, and Voilà, You’re a Target
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our guest is Nicole Darden Ford, global vp and CISO, Rockwell Automation. Here are some of the issues we discussed. Please jump in with your thoughts.
How does your security program change when you know you’re a specific target, rather than just a random opportunity? I posed this question as a result of seeing Microsoft doubling its nation-state notifications for critical infrastructure in just one year. In those situations, the issue is not ridding yourself of malware, it’s protecting yourself from adversaries, noted Adam Meyers of CrowdStrike. Andy Ellis noted you should spend time understanding how adversaries operate so you can apply that to your infrastructure. And Nicole Ford noted that when you are a part of the supply chain, you can look upstream and see how you can provide security for your customers.
Should critical infrastructure agencies be grouped together and share cybersecurity resources? Tony Anscombe of ESET suggested this and it’s not a bad idea given that for 12 years agencies have fulfilled less than half of the recommendations made by the U.S.’s General Accounting Office (GAO). Resources in the private sector are grouped, but not much because of competition. Why can’t we do this in the public sector if there’s no competitive friction?
There is no such thing as an entry-level job in cybersecurity. While hiring managers post “entry level” for a security job, they do want some experience and some skills, noted Andy, that may not fall under traditional cybersecurity skills. Nicole points out that 10 years ago most security professionals came from IT. But now, they can come from any other department and background, and when they do, they do come with some experience. Since it’s a first job in cybersecurity, that gives hiring managers the ability to get away with paying bottom-level rates.
Does a publicly announced M&A or partnership make you more vulnerable to attacks? Many said yes to this question, posed by Michael Santarcangelo of Security Catalyst on LinkedIn. That’s because there is a lot that is unknown before, during, and after a merger that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often open up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure, LLC.
You can listen to this week’s episode here or over on our blog where you can read the full transcript. If you aren’t already subscribed to CISO Series Podcast on your favorite podcast app, please go ahead and do that right now.
Thanks to all our other contributors (witting and unwitting): Rob Lemos and Christopher Burgess.
HUGE thanks to our sponsor, Pentera
Best advice for a CISO...
"The best advice I have for a CISO is hope for the best but prepare for the worst. The cyber threat landscape continues to change, and we have to do tests, training, and exercise repeatedly to make sure that we can meet the need when the time comes." -- Nicole Ford, global vp and CISO, Rockwell Automation
Do CISOs Have More Stress than Other C-Suite Jobs?
"I think the short answer is no. I don’t think my job is more stressful than the CEO’s job or the COO, or head of sales, or the general counsel. I definitely identify with the sense that it is not a fully formed role. Not every company understands what a CISO is, or should do, or what their requirements for the role should be. But I think we’re getting pretty close to figuring it out, and I think part of figuring it out is realizing that being a senior executive is challenging." -- Geoff Belknap, CISO, LinkedIn
Listen to full episode of "Do CISOs Have More Stress than Other C-Suite Jobs?"
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Shaun Marion, VP and CISO, McDonald's.
Thanks to our Cyber Security Headlines sponsor, AppOmni
"Hacking Automated Security" - Super Cyber Friday
Join us Friday, January 20, 2023, for “Hacking Automated Security: An hour of critical thinking of how intelligent automation can achieve more without doing more.”
It all begins at 1 PM ET/10 AM PT on Friday, January 20, 2023 with guests Brian Vecci, field CTO, Varonis and Ken Collins, sr. director, information security, Sunbelt Rentals, Inc. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Varonis
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.
Executive Resume Writer endorsed & hired by Recruiters | Ex-Executive Search Recruiter | 190+ monthly LinkedIn Recommendations over 10 years | FreeExecJobSearchTraining.com | M.E.T.A Job Landing System Creator
1y: Does the bottom level pay rates for entry-level roles, despite needing experience, hinder hiring? Or does the industry view it as “paying dues?” Would firms that pay for the experience, and not just the level, attract the best talent? Great read….
I integrate people, process, and technology. Cybersecurity Workforce | SMB Cybersecurity | Software Requirements | Data Integration | Business Analysis | Speaker | Writer | Systems Thinker
1y: There's risk at time of acquisition and then there's later incurred risk on systems integration, both people/practices and data. Looking forward to listening.