- CISO Series Newsletter
- Posts
- [01-10-23] Stir in a Little Merger and Acquisition, and Voilà, You’re a Target
[01-10-23] Stir in a Little Merger and Acquisition, and Voilà, You’re a Target
Stir in a Little Merger and Acquisition, and Voilà, You’re a Target
CISO Series Podcast
Stir in a Little Merger and Acquisition, and Voilà, You’re a Target
This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, operating partner, YL Ventures. Our guest is Nicole Ford, global vp and CISO, Rockwell Automation. Here are some of the issues we discussed. Please jump in with your thoughts.How does your security program change when you know you’re a specific target, rather than just a random opportunity? I posed this question as a result of seeing Microsoft doubling its nation-state notifications for critical infrastructure in just one year. In those situations, the issue is not ridding yourself of malware, it’s protecting yourself from adversaries, noted Adam Meyers of CrowdStrike. Andy Ellis noted you should spend time understanding how adversaries operate so you can apply that to your infrastructure. And Nicole Ford noted that when you are a part of the supply chain, you can look upstream and see how you can provide security for your customers.Should critical infrastructure agencies be grouped together and share cybersecurity resources? Tony Anscombe of ESET suggested this and it’s not a bad idea given that for 12 years agencies have fulfilled less than half of the recommendations made by the U.S.’s General Accounting Office (GAO). Resources in the private sector are grouped, but not much because of competition. Why can’t we do this in the public sector if there’s no competitive friction?There is no such thing as an entry level job in cybersecurity. While hiring managers post “entry level” for a security job, they do want some experience and some skills, noted Andy, that may not fall under traditional cybersecurity skills. Nicole points out that 10 years ago most security professionals came from IT. But now, they can come from any other department and background, and when they do, they do come with some experience. Since it’s a first job in cybersecurity, and that gives hiring managers the ability to get away with paying bottom level rates.Does a publicly announced M&A or partnership make you more vulnerable to attacks? Many said yes to this question, posed by Michael Santarcangelo of Security Catalyst on LinkedIn. That’s because there is a lot that is unknown before, during, and after a merger that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often open up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure.You can listen to this week’s episode over on our blog where you can read the full transcript. If you aren’t already subscribed to CISO Series Podcast on your favorite podcast app, please go ahead and do that right now.
Thanks to our podcast sponsor, Pentera
Best advice for a CISO...
"The best advice I have for a CISO is hope for the best but prepare for the worst. The cyber threat landscape continues to change, and we have to do tests, training, and exercise repeatedly to make sure that we can meet the need when the time comes." -- Nicole Ford, global vp and CISO, Rockwell Automation
Listen to full episode of
Do CISOs Have More Stress than Other C-Suite Jobs?
"I think the short answer is no. I don’t think my job is more stressful than the CEOs job or the COO, or head of sales, or the general counsel. I definitely identify with the sense that it is not a fully formed role. Not every company understands what a CISO is, or should do, or what their requirements for the role should be. But I think we’re getting pretty close to figuring it out, and I think part of figuring it out is realizing that being a senior executive is challenging." - Geoff Belknap, CISO, LinkedInListen to full episode of "Do CISOs Have More Stress than Other C-Suite Jobs?"
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you
to join the LIVE "Week In Review" this Friday for
Cyber Security Headlines
with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Shaun Marion, VP and CISO, McDonald's.
Thanks to our Cyber Security Headlines sponsor, AppOmni
Super Cyber Fridays!
Hacking Automated Security
Join us Friday, January 20, 2023, for “Hacking Automated Security: An hour of critical thinking of how intelligent automation can achieve more without doing more.”
It all begins at 1 PM ET/10 AM PT on Friday, January 20, 2023 with guests Brian Vecci, field CTO, Varonis and Ken Collins, sr. director, information security, Sunbelt Rentals, Inc. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Varonis
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.